Summa Health is committed to protecting the confidentiality and security of our patients’ information. Regrettably, this notice concerns an incident involving some of that information.
On May 1, 2019, we learned that an unauthorized person gained access to four employee email accounts that contained patient information. Two of the accounts were accessed in August 2018 and two other accounts were accessed between March 11 and March 29, 2019. We ensured the accounts were secured, began an investigation, and a leading computer forensic firm was hired to assist. The investigation was unable to determine whether the unauthorized individual actually viewed any email or attachment in the accounts. We thoroughly reviewed every email and attachment in the accounts to identify patients whose information may have been accessible to the unauthorized person. Patient information was identified in the accounts, including patient names, dates of birth, medical record or patient account numbers, and clinical and/or treatment information. For a small subset of patients, health insurance information, Social Security numbers, and/or driver’s license numbers were also found in the accounts.
We have no indication that any patient information was actually viewed by the unauthorized person, or that it has been misused. However, out of an abundance of caution, we mailed letters to affected patients on June 28, 2019, and have established a dedicated call center to answer questions that patients may have. If you believe you are affected but do not receive a letter by July 19, please call 330.375.3000, Monday through Friday, between 8 a.m. and 5 p.m. Eastern Time.
We recommend that our patients review the statements they receive from their healthcare providers and health insurers. If you see services that you did not receive, please contact the provider or insurer immediately. For eligible patients whose Social Security number or driver’s license number was found in the email accounts, we are offering complimentary credit monitoring and identity protection services.
We deeply regret any inconvenience or concern this incident may cause you. We continually evaluate and modify our practices to enhance the security and privacy of our patients’ information. To help prevent something like this from happening in the future, we are reinforcing employee training on privacy and security and are instituting additional security measures throughout the health system.