Vail Health Services recently suffered a security incident affecting limited portions of protected health information for some of our patients. After determining that a phishing attack targeted some of our employees, we promptly investigated, and on July 14, 2022 determined that a third party potentially viewed information contained in certain email accounts between mid-January and mid-February. Vail Health is providing this notice to give you more information on what happened and what we are doing in response.
WHAT HAPPENED
An unauthorized third party gained access to a limited number of Vail Health’s email accounts. Once we discovered the incident, we immediately engaged third-party experts to help us investigate and respond to the incident. After identifying the affected email accounts, we engaged a data review firm to comb through the data in those accounts to identify what information they contained. That process takes some time. We ultimately received the review firm’s results on July 14, 2022. Since then, we have been assessing who to notify and locating correct contact information for those involved so that we can provide them notice.
WHAT INFORMATION WAS INVOLVED
This incident exposed some of our patients’ protected health information. The affected data may include information such as names, addresses, date of birth, driver’s license numbers, Social Security numbers, insurance details, and limited portions of medical/treatment history. Based on our investigation, the third party potentially viewed the information in the emails. But we have no reason to suspect the information was or will be misused.
WHAT WE ARE DOING
Vail Health hired third-party experts to help us investigate the extent of the incident, and we are further securing our systems to protect the information. While our emails were already protected by passwords, we have added an additional layer of security to further lockdown access to our employees’ email accounts. And, for individuals whose information was contained in the emails, we are providing notice separately to them if we have their contact information.
WHAT YOU CAN DO
We encourage individuals to (1) remain vigilant for unauthorized financial activity by reviewing their account statements and free credit reports, (2) consider placing a fraud alert of security freeze on their credit file, and (3) report any suspicious activity to law enforcement.
FOR MORE INFORMATION
Our patients and their protected health information are important to us. To address questions you may have, we have set up the following dedicated toll-free number (866) 985-2702. Thank you for your understanding and patience.