Patient data compromised | Sandusky Register Fisher-Titus email account breached
Patient data compromised
Brandon Addeo
Feb 24, 2021 2:00 PM
NORWALK — The personal information of patients at Fisher-Titus Medical Center was compromised after an unknown person gained access to an employee's email account.
According to a notice from the Norwalk hospital, someone accessed an employee’s email between August 2020 and October 2020. That email account contained personal information including people’s full names, Social Security numbers, credit and debit card numbers and medical details like diagnoses, clinical information and insurance information.
“We have no evidence that any information has been misused,” the notice states. The hospital did not explain how they know information hasn't been misused.
After learning about the breach, Fisher-Titus consulted with outside cybersecurity experts for an investigation, which concluded on Jan. 13.
Fisher-Titus did not disclose how many patients were affected by the breach. The hospital said that on Feb. 18, they sent notices via mail to each person whose information was compromised. They’re offering free one-year memberships to a credit monitoring service to people whose Social Security numbers were affected, along with information on how to place fraud alerts and security freezes on their credit reports.
The hospital also didn’t say how the breach was discovered, or if law enforcement is involved.
Anyone whose financial information was compromised is asked to contact their financial institution on how to protect their accounts.
Fisher-Titus says that they’re committed to protecting people’s personal details and are taking steps to improve cybersecurity.
“Fisher-Titus has recently made changes to improve our security posture, including stricter password and email retention guidelines, additional antivirus software and enhanced monitoring for threats and security events,” Fisher-Titus marketing and communication director Alexandria Cruey said. “We have also implemented a new anti-phishing platform and continue staff training on these types of attacked and upgraded external firewalls which are used to help keep malicious traffic from coming into the organization.”
Anyone with questions about the incident is asked to contact 1-888-598-2914 between 8 a.m. and 5 p.m. Monday through Friday.
What can be done
When someone’s information is compromised in a security breach, it doesn’t necessarily mean their identity has been stolen, according to information provided by Ohio’s attorney general’s office. But that is a possibility.
“(A breach) does, however, increase the potential that your information could be misused,” according to the attorney general’s office. “As a result, you may wish to take certain precautionary steps immediately.”
One step is to place a fraud alert on your credit report, which makes it harder for identity thieves to open an account in a person’s name.
The alert lasts for one year, can be canceled at any point, and is renewable.
People can place alerts by calling one of the three national credit reporting agencies. It doesn’t matter which one a person contacts because that agency will notify the other two:
• TransUnion: 1-800-680-7289 or transunion.com.
• Equifax: 1-800-525-6285 or equifax.com.
• Experian: 1-888-397-3742 or experian.com.
People can also contact each of those three agencies to “freeze” one’s own credit report, which prevents impostors from being able to request someone’s credit report. Someone who wants to freeze their credit reports must contact each of the three credit reporting agencies individually.
Someone who suspects their information was stolen should continuously monitor their credit report and look for any unauthorized accounts.
“Also look for numerous requests for your information from prospective creditors, which may indicate that someone is attempting to open accounts using your information,” according to the attorney general’s office. “If you discover any unauthorized use of your personal information, contact your local law enforcement.”
People with questions about potential identity theft from data breaches can also contact the Ohio Attorney General’s Office with questions by calling 1-800-282-0515.
Editor’s note: Reporter LynAnne Vucovich contributed to this report.
Brandon Addeo
Feb 24, 2021 2:00 PM
NORWALK — The personal information of patients at Fisher-Titus Medical Center was compromised after an unknown person gained access to an employee's email account.
According to a notice from the Norwalk hospital, someone accessed an employee’s email between August 2020 and October 2020. That email account contained personal information including people’s full names, Social Security numbers, credit and debit card numbers and medical details like diagnoses, clinical information and insurance information.
“We have no evidence that any information has been misused,” the notice states. The hospital did not explain how they know information hasn't been misused.
After learning about the breach, Fisher-Titus consulted with outside cybersecurity experts for an investigation, which concluded on Jan. 13.
Fisher-Titus did not disclose how many patients were affected by the breach. The hospital said that on Feb. 18, they sent notices via mail to each person whose information was compromised. They’re offering free one-year memberships to a credit monitoring service to people whose Social Security numbers were affected, along with information on how to place fraud alerts and security freezes on their credit reports.
The hospital also didn’t say how the breach was discovered, or if law enforcement is involved.
Anyone whose financial information was compromised is asked to contact their financial institution on how to protect their accounts.
Fisher-Titus says that they’re committed to protecting people’s personal details and are taking steps to improve cybersecurity.
“Fisher-Titus has recently made changes to improve our security posture, including stricter password and email retention guidelines, additional antivirus software and enhanced monitoring for threats and security events,” Fisher-Titus marketing and communication director Alexandria Cruey said. “We have also implemented a new anti-phishing platform and continue staff training on these types of attacked and upgraded external firewalls which are used to help keep malicious traffic from coming into the organization.”
Anyone with questions about the incident is asked to contact 1-888-598-2914 between 8 a.m. and 5 p.m. Monday through Friday.
What can be done
When someone’s information is compromised in a security breach, it doesn’t necessarily mean their identity has been stolen, according to information provided by Ohio’s attorney general’s office. But that is a possibility.
“(A breach) does, however, increase the potential that your information could be misused,” according to the attorney general’s office. “As a result, you may wish to take certain precautionary steps immediately.”
One step is to place a fraud alert on your credit report, which makes it harder for identity thieves to open an account in a person’s name.
The alert lasts for one year, can be canceled at any point, and is renewable.
People can place alerts by calling one of the three national credit reporting agencies. It doesn’t matter which one a person contacts because that agency will notify the other two:
• TransUnion: 1-800-680-7289 or transunion.com.
• Equifax: 1-800-525-6285 or equifax.com.
• Experian: 1-888-397-3742 or experian.com.
People can also contact each of those three agencies to “freeze” one’s own credit report, which prevents impostors from being able to request someone’s credit report. Someone who wants to freeze their credit reports must contact each of the three credit reporting agencies individually.
Someone who suspects their information was stolen should continuously monitor their credit report and look for any unauthorized accounts.
“Also look for numerous requests for your information from prospective creditors, which may indicate that someone is attempting to open accounts using your information,” according to the attorney general’s office. “If you discover any unauthorized use of your personal information, contact your local law enforcement.”
People with questions about potential identity theft from data breaches can also contact the Ohio Attorney General’s Office with questions by calling 1-800-282-0515.
Editor’s note: Reporter LynAnne Vucovich contributed to this report.
