LSU Health adds UMC New Orleans to list of places affected by cyber intrusion that exposed patient info to hackers


NEW ORLEANS, La. (WDSU) — University Medical Center of New Orleans has been added to a cyber intrusion that happened at LSU Health New Orleans Health Care Services Division.

The breach was first reported back in November.

LSU HCSD has since become aware that the employee’s electronic mailbox also included information from its partner hospital, University Medical Center- New Orleans.

UMC-NO was notified on Nov. 12 by LSU HCSD of the possibility that some of its patients’ protected information may have been accessible to the cyber intruder, according to a news release by LSU-HCSD.

UMC-NO is in the process of conducting its own investigation and discovery, according to the news release.

LSU HCSD said the intrusion appears to have happened on Sept. 15, and the mailbox access was discovered and disabled on Sept. 18.

The Health Care Services Division is not aware that the intruder actually accessed or misused the patient information in the employee’s mailbox, according to the news release.

“The type and amount of patient information varied with each email message but may have included: patients’ names; medical record numbers; account numbers; dates of birth; Social Security numbers; dates of service; types of services received; phone numbers; and/or addresses; and insurance identification numbers.

“A few contained a patient’s bank account number and health information including a diagnosis. In most instances, there was limited information in the email or attachment, meaning that just a few of these identifiers were contained in the email,” LSU HCSD said in an issued statement.

Out of an abundance of caution, LSU HCSD said patients who received care at UMC-NO are encouraged to monitor their credit reports for potential identity theft.

The website provides a step-by-step process to respond to, and recover from, incidents of identity theft.

“LSU Health Care Services Division sincerely regrets any inconvenience or concern this incident may cause affected patients. Although strict privacy and security policies were in place at the time of the intrusion, security practices and procedures as well as additional available methods for protecting the email system are being reviewed to determine if improvements can be made to further reduce the risk of such a breach in the future. Any changes will be included in the information security training that all employees are required to complete.

“Any questions concerning this matter should be directed to UMC-NO at 1-800-872-4923, Monday through Friday from 8:00 a.m. to 5:00 p.m,” LSU HCSD said in an issued statement.

Original reports:

LSU Health announced that thousands of patients may have had their personal information exposed to hackers after a cyber intrusion into one of its employee’s emails.

The data breach affected patients at the following hospitals: Lallie Kemp Regional Medical Center in Independence; Leonard J. Chabert Medical Center in Houma; W. O. Moss Regional Medical Center in Lake Charles; and the former Earl K. Long Medical Center in Baton Rouge; Bogalusa Medical Center in Bogalusa; University Medical Center in Lafayette; and Interim LSU Hospital in New Orleans.

Officials say it happened on Sept. 15, but, they are not sure if the intruder actually accessed or miscued patient information.

LSU Health says they have started reaching out to patients whose information may have been compromised, including names.

Medical record numbers, health information, social security numbers, and for some, bank account numbers could have been exposed.

The health system is urging those who could have been affected to keep track of their credit reports for potential identity theft.

Copyright 2021 Nexstar Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Latest BRProud Articles

More Local News

Stay up to date with the latest news by downloading the BRProud App from the App Store or Google Play.

Trending Stories