Third Party Security Incident - DMS Health Technologies - September 22, 2023
Maintaining the privacy and security of our patients’ information is important to Ascension. On August 15, 2023 we received notice from DMS Health Technologies (“DMS”) - a third party partner of imaging devices - of a security incident involving some patients’ information for some Ascension entities in Kansas (Via Christi Hospital Pittsburg, Via Christi St. Francis, Via Christi Imaging Manhattan), Texas (Providence Hospital, Seton Highland Lakes Hospital), and Oklahoma (St. John Jane Phillips). Importantly, this incident did not involve Ascension systems, networks, or electronic health records or other Ascension locations.
On April 23, 2023, DMS became aware of suspicious activity related to their computer systems. Upon investigation DMS determined that there was unauthorized access to their network between March 27 and April 24, 2023, and the unauthorized actor had the ability to access some information stored on the network during that time. On July 19, 2023, DMS completed their review and determined that some Ascension patients’ information could have been affected.
Ascension information affected by the incident included the following (Note: not all individuals would have all information affected): full name, date of birth, date of service, physician name, and exam type. Ascension has worked with DMS to notify impacted individuals.
DMS took immediate steps to secure their network and maintain operations in a safe and secure manner. They are reviewing their existing policies and procedures and plan to implement additional administrative and technical safeguards to further secure their systems. Ascension will continue to work with DMS to ensure the privacy and security of our patients’ information.
You can read more about this incident on the DMS website here: https://www.dmshealth.com/notice-of-data-event/
If you have additional questions, please contact the dedicated assistance line toll-free at 1-866-373-7164 Monday through Friday from 8:00am to 10:00 pm Central Time, or Saturday and Sunday from 10:00 am to 7:00 pm Central Time, excluding major U.S. holidays.
Third Party Security Incident - Nuance Communications - Indiana - September 18, 2023
Maintaining the privacy and security of our patients' information is important to Ascension St. Vincent (Indiana). On August 21, 2023 we received notice from Nuance Communications, Inc. (“Nuance”) - a third party partner of software services - of a security incident involving a transfer application they use to support their services. Importantly, this incident did not involve Ascension systems, networks, or electronic health records.
Progress Software Corporation (“Progress”), a provider of the MOVEit application, which is used for secure file transfers, experienced a security incident that affected the data of multiple organizations around May 28 and 29, 2023. Progress Software disclosed the incident to Nuance on May 31, 2023. Nuance immediately took steps to secure systems and launched an investigation, which was conducted by experienced cybersecurity experts, including an outside law firm. Nuance also notified law enforcement authorities and is cooperating with their investigation. As part of the investigation, the impacted data was analyzed to determine whether any individual’s personal information was subject to unauthorized access or acquisition. On July 17, 2023, Nuance confirmed Ascension St. Vincent data was impacted.
Ascension St. Vincent information impacted by the incident included the following (Note: not all individuals would have all information affected): name; relative or power of attorney’s name; information about medical services provided, such as service type, date of service, facility or provider name, diagnoses, diagnostic imaging reports; and other individual identifiers (accession number, study ID, medical record number). Ascension St. Vincent has worked with Nuance to notify affected individuals.
Nuance has taken steps to help prevent similar incidents from happening in the future. They have implemented and are continuing to implement new information security tools, processes and procedures to further strengthen the security of their information technology system environments. Although there is no evidence to date that information has been subject to fraud, individuals should remain vigilant against incidents of identity theft and fraud, review account statements, and monitor free credit reports for suspicious activity and to detect errors.
You can read more about the incident on Nuance’s website here: https://www.nuance.com/moveit-support.html
If you have additional questions, please contact the dedicated assistance line toll-free at 1-888-988-0380 Monday through Friday, between 8:00 a.m. and 5:30 p.m., Central Time, excluding major U.S. holidays.