Notice of a Data Incident
Harrisburg Medical Center (“HMC”) has completed its investigation of a data incident that may have involved the personal information of certain individuals. On or about December 23, 2022, HMC discovered unusual activity on its computer network. Upon identifying the issue, HMC promptly began an internal investigation. HMC also worked with law enforcement and engaged a forensic security firm to investigate and confirm the security of its computer systems. The forensic investigation determined that an unknown third party may have accessed and acquired certain documents from HMC’s systems between December 19, 2022, until December 23, 2022.
HMC notified an initial group of individuals on February 21, 2023, whose personal information was believed at that time to have been in the documents involved in the incident. HMC continued its comprehensive review of the relevant documents and on August 24, 2023, determined that they contained additional individuals’ personal information. Since then, HMC has been working diligently to locate those individuals’ mailing addresses, arrange credit monitoring and identify theft protection services where appropriate, draft and finalize notification materials and arrange for notification and call center services. On Tuesday, Dec. 12, 2023, HMC mailed notification letters to those individuals for whom HMC has a valid mailing address. The information varied by individual and may have included name, Social Security number, date of birth, and clinical information, such as diagnosis/conditions, lab results, and prescription information. For a limited number of individuals, the documents may have also included health insurance information, driver’s license/state ID number, digital/electronic signature, and/or financial account number.
HMC is not aware of any evidence that any personal information has been misused for identity theft or fraud.
Notified individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves. Although HMC has no evidence that any information may have been misused as a result of this incident, as described in those letters, HMC has arranged for complimentary identity theft protection services for those individuals whose Social Security numbers were involved in the incident. As a precautionary measure, notified individuals should remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. If individuals detect any suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained. They should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities, including the police and their state’s attorney general. Notified individuals may also wish to review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). Notified individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
HMC takes the security of individuals’ personal information very seriously and apologizes for any inconvenience this incident might cause. Further information and assistance is available via a confidential, toll-free inquiry line at 877-880-1006 from 8:00 a.m. to 8:00 p.m. Central, Monday through Friday, excluding holidays.