The Nebraska Medical Center (“Nebraska Medicine”) and the University of Nebraska Medical Center (“UNMC”) are notifying its patients whose information may have been involved in a recent data security incident.
On September 20, 2020, we identified unusual network activity that affected some of our IT systems. Immediately upon learning of this incident, we initiated our incident response protocols to minimize any disruption to patients, isolated potentially impacted devices, and shut off select systems as a precaution. We also initiated an investigation, computer forensic experts were engaged to assist our ongoing investigation, and we notified law enforcement.
After a comprehensive evaluation, we confirmed that an unauthorized person gained access to select systems on our network between August 27, 2020 and September 20, 2020. During that time, the unauthorized person deployed malware and acquired copies of some patient and employee information held on those systems. This incident also impacted a limited number of patients seen at Faith Regional Health Services, Great Plains Health, and Mary Lanning Healthcare whose information was in the Nebraska Medicine/UNMC network. For a limited number of Nebraska Medicine/UNMC patients, this information included one or more of their name, address, date of birth, health insurance information, medical record number, and/or clinical information, which may have included physician notes, laboratory results, imaging, diagnosis information, treatment information, and/or prescription information. For a limited number of patients, Social Security numbers were also impacted. Importantly, this incident did not result in unauthorized access to Nebraska Medicine and UNMC’s electronic medical record application.
We began mailing notification letters to impacted patients for whom we have an address on February 5, 2021, which provided guidance on how they can help protect their information. While there is no indication that any data has been used to commit fraud or identity theft, we are also providing patients whose Social Security number and/or driver’s license number were involved with complimentary credit monitoring and identity theft protection services. We also recommend that affected patients review any statements they receive from their health care providers or health insurers and contact them immediately if they see any charges for services not received.
Nebraska Medicine/UNMC take seriously the security and privacy of patient and employee information, and deeply regret that this incident occurred and any concern this may cause. To help prevent something like this from happening again, we are continuing to regularly audit our systems for potential unauthorized activity, and have implemented and will continue to implement enhanced network monitoring tools.
We have also established a call center dedicated to answering questions about this incident. This call center is available at 1-855-763-0482, available between 8:00 a.m. and 5:30 p.m. Central Time, Monday through Friday.