(“OS”), an organization which provides claims management services to certain healthcare providers, among which is Prairie Ridge Health, announced that a phishing email campaign may have resulted in unauthorized access to personal information contained within an OS employee’s email account.

On April 8, 2019, Prairie Ridge Health, Inc. (PRH) was notified by OS that their patient's personal identifying information may have been subject to this incident. The data involved came from numerous OS clients email accounts and it is not clear if information specific to PRH patients was actually viewed by anyone. The data that may have been subject to this incident generally included; individual name, hospital account number, name of insurer, summary of charges and category of service. For a limited number of individuals, social security numbers, in the form of insurance identification numbers, may have been impacted. Although the particular data at issue varied by patient. At this time, there is no evidence of any actual or attempted misuse of the information accessible within the email account. No financial account information was impacted as a result of this event. Upon learning of the incident, OS immediately secured the impacted email account. OS also reviewed existing policies and procedures, implemented additional safeguards, and will continue working to further secure the information in its systems.

On May 24, 2019, OS began mailing individual notifications to each patient impacted and offering certain resources such as; free access to Kroll’s fraud consultation and identity theft restoration services. Patients may call the toll-free dedicated assistance line at 1-866-775-4209, Monday through Friday from 8:00 a.m. to 5:30 p.m. with any questions. In addition, affected individuals may also submit any questions about this incident by mail directed to OS: PO Box 311, Pewaukee, WI 53072. Pewaukee, WI 53072. Patients may also directly contact Andrea Link, Privacy Officer at PRH by calling 1-920-623-2200 with any questions related to this incident.

"The hospital takes the privacy and security of its patient information very seriously, and ensures that its business associates do as well," said John Russell, CEO of PRH. “We will continue to ensure that OS does all that it can do to work with our patients whose personal information may have been compromised and help them work through the process. We regret that this incident has occurred, and we are committed to work with our business partners to prevent future such occurrences. We appreciate our patients' support during this time."

See PDF Version