Patients and volunteers at several Midlands hospitals might have had their personal information exposed online, according to Prisma Health.
The problem was discovered after a Prisma Health employee’s login credentials were compromised, said Tammie Epps, a spokeswoman for the largest hospital system in South Carolina.
Records from the six hospitals of Prisma Health-Midlands were affected in the leak, which was discovered on Aug. 29, Epps said in a news release. The company did not respond to questions from The State about why the public was not alerted sooner.
The personal information potentially exposed online came from pre-registration forms and included names of patients and volunteers, addresses, birthdays and Social Security numbers in addition to some health and insurance information, Epps said.
However, detailed medical records were not exposed, according to the release.
Prisma officials said they do not know how long the information was available online.
An internal investigation determined that the compromised login credentials provided access to patient pre-registration and volunteer registration information forms previously completed on the Palmetto Health website. Records of patients at Prisma hospitals outside the Midlands were not compromised.
The investigation included assistance from a third-party security firm that Prisma officials declined to name.
Approximately 19,000 patients and 3,000 volunteers may have been affected by the compromise, Prisma told The State.
When Prisma was formed in the 2017 merger of Palmetto Health and the Greenville Health System, it was believed that the 16 member hospitals would treat 1.2 million patients annually.
Since the issue was discovered, access to the leaked information has been blocked and the employee’s password was reset, Epps said
“Prisma Health values the confidentiality of patient information and has taken specific steps to prevent this situation from happening again,” the release said, without providing details about the improvements. “Prisma Health is continuing to take steps to enhance its security measures and update its policies and procedures to help prevent something like this from happening in the future.”
Prisma declined to say what steps were taken, telling The State it doesn’t “discuss specific security measures in detail.”
The company told The State it is offering one year of free identity theft insurance and credit monitoring to anyone whose Social Security numbers were exposed.
Prisma Health said it is mailing letters to the people who might have been affected by the incident.
The company did the same thing in September after patient information was exposed when a notebook was stolen from a doctor’s car.
The notebook, stolen on July 9, contained information about OB/GYN patients from the Prisma Health Richland Campus in Columbia, according to a news release.
It was believed that the notebook was stolen by someone who was looking for money or other valuables in the vehicle, and there is no evidence the information has been used inappropriately, according to a news release issued in September.
In March, an email phishing incident was reported by Prisma, but medical records were not affected.
Prisma Health is the largest private employer in South Carolina with more than 28,000 health care workers and 2,800 physicians.
It is warning anyone who may have been affected by the exposed information to monitor account statements and report discrepancies to law enforcement, or call 888-479-9996.
▪ Prisma Health Baptist Hospital
▪ Prisma Health Baptist Parkridge Hospital
▪ Prisma Health Children’s Hospital
▪ Prisma Health Heart Hospital
▪ Prisma Health Richland Hospital
▪ Prisma Health Tuomey Hospital
Source: Prisma Health
BEHIND OUR REPORTING
This is a breaking news story
In a breaking news situation, facts can be unclear and the situation may still be developing. The State is trying to get important information to the public as quickly and accurately as possible. This story will be updated as more information becomes available, and some information in this story may change as the facts become clearer. Refresh this page later for more updated information.