NewsCovering Louisiana


LSU Health alerts patients of cyber intrusion that may have compromised patient information

Posted at 12:28 PM, Nov 20, 2020
and last updated 2020-11-20 19:15:15-05

LSU Health says that a number of patients' private information may have been compromised in a recent cyber intrusion.

LSU Health New Orleans Health Care Services Division recently became aware of a cyber intrusion into an employee’s electronic mailbox. Email messages or attachments contained limited information about patients who received care at Lallie Kemp Regional Medical Center in Independence; Leonard J. Chabert Medical Center in Houma; W. O. Moss Regional Medical Center in Lake Charles; and the former Earl K. Long Medical Center in Baton Rouge; Bogalusa Medical Center in Bogalusa; University Medical Center in Lafayette; and Interim LSU Hospital in New Orleans.

Offiiclas say the intrusion appears to have occurred on September 15, 2020, and the mailbox access was discovered and disabled on September 18, 2020. The Health Care Services Division says it is not aware that the intruder actually accessed or misused the patient information in the employee’s mailbox. LSU Health Care Services Division is currently investigating the time frame of the patient information that may have been accessed.

When the intrusion was discovered, the LSU Health Care Services Division’s Compliance and Privacy Department began the difficult and laborious process of identifying any patients whose information may have been compromised. While the exhaustive investigation has found thousands of patients, work continues to discover any others. Affected patients and the public are being notified, a release states.

The type and amount of patient information varied by location of care and each email message but may have included: patients’ names; medical record numbers; account numbers; dates of birth; Social Security numbers; dates of service; types of services received; phone numbers; and/or addresses; and insurance identification numbers. A few contained a patient’s bank account number and health information including a diagnosis. In most instances, there was limited information in the email or attachment, meaning that just a few of these identifiers were contained in the email.

Out of an abundance of caution, patients who received care at the above hospitals are encouraged to monitor their credit reports for potential identity theft. The website provides a step-by-step process to respond to, and recover from, incidents of identity theft.

"LSU Health Care Services Division sincerely regrets any inconvenience or concern this incident may cause affected patients. Although strict privacy and security policies were in place at the time of the intrusion, security practices and procedures as well as additional available methods for protecting the email system are being reviewed to determine if improvements can be made to further reduce the risk of such a breach in the future. Any changes will be included in the information security training that all employees are required to complete."

Officials say that any questions concerning this matter should be directed to LSU Health Care Services Division’s Compliance and Privacy Department at 1-800-735-1185. Please leave your name and a phone number where you can be reached. Your calls will be returned as soon as possible.

Stay in touch with us anytime, anywhere.

To reach the newsroom or report a typo/correction, click HERE.

Sign up for newsletters emailed to your inbox. Select from these options: Breaking News, Evening News Headlines, Latest COVID-19 Headlines, Morning News Headlines, Special Offers

Follow us on Twitter

Like us on Facebook

Follow us on Instagram

Subscribe to our Youtube channel