BJC HealthCare (“BJC”) is committed to protecting the confidentiality and security of our patients’ information. Regrettably, this notice concerns a security incident that may have involved some of that information for a specific group of patients.
On March 6, 2020, we identified suspicious activity within three BJC employees’ email accounts. BJC immediately took steps to secure the email accounts, and a leading computer forensic firm was engaged to assist with the investigation. The investigation determined that an unauthorized person gained access to the employee email accounts for a limited period of time on March 6, 2020. The investigation was unable to determine whether the unauthorized person viewed any emails or attachments in the employee email accounts. Out of an abundance of caution, BJC reviewed all the emails and attachments contained in the accounts to identify patient information that may have been accessible to the unauthorized person. While this review is ongoing, BJC has identified emails and/or attachments in the accounts that contained patient information, which may have included some patients’ names, dates of birth, medical record or patient account numbers, and limited treatment and/or clinical information, such as provider names, visit dates, medications, diagnoses, and testing information. In some instances, patients’ health insurance information and/or Social Security numbers have also been identified in the accounts.
This incident did not affect all BJC or affiliated hospitals’ and service organizations’ patients, but only those patients whose information was included in the affected email accounts. The affiliated hospitals and service organizations affected by this incident include:
- Alton Memorial Hospital
- Barnes-Jewish Hospital
- Barnes-Jewish St. Peters Hospital
- Barnes-Jewish West County Hospital
- BJC Behavioral Health
- BJC Corporate Health Services
- BJC Home Care
- BJC Medical Group
- Boone Hospital Center
- Christian Hospital
- Memorial Hospital Belleville
- Memorial Hospital East
- Missouri Baptist Medical Center
- Missouri Baptist Physician Services, LLC
- Missouri Baptist Sullivan Hospital
- Parkland Health Center Boone Terre
- Parkland Health Center Farmington
- Progress West Hospital
- St. Louis Children’s Hospital
Once the review is complete, BJC will mail letters to all patients whose information is identified in the employee email accounts. BJC has also established a dedicated, toll-free call center to answer patients’ questions. If you have questions, please call (866) 423-7547, Monday through Friday, from 8:00 a.m. to 6:00 p.m. Central Time. For those patients whose Social Security numbers and/or driver’s license numbers are identified in the email accounts, BJC will offer complimentary credit monitoring and identity protection services. BJC also recommends that affected patients review any statements they receive from their health insurers and health care providers. If patients see charges for services not received, they should contact the insurer or provider immediately.
We regret any concern or inconvenience this incident may cause. We remain committed to protecting the confidentiality and security of patient information. To help prevent something like this from happening in the future, BJC has reinforced education with staff regarding how to identify and avoid suspicious emails and is making additional security enhancements to its email environment.