Health Quest ("HQ") announced today it is mailing letters to patients whose information may have been impacted by an email phishing incident.

LAGRANGEVILLE, N.Y., Jan. 10, 2020 /PRNewswire/ -- On October 25, 2019, through HQ's investigation of a phishing incident, HQ determined some patient information may have been contained in an email account accessed by an unauthorized party. HQ first learned of a potential incident in July 2018, when numerous HQ employees were deceived by a phishing scheme, which resulted in certain HQ employees being tricked into inadvertently disclosing their email account credentials to an unauthorized party. The employee email accounts in question were secured and a leading cybersecurity firm was engaged to assist HQ in its investigation. As part of the investigation, HQ performed a comprehensive review of the voluminous contents of the email accounts in question to determine if they contained any sensitive information. HQ mailed some notification letters in May, 2019. Upon further investigation, HQ determined additional notices were required.

HQ determined emails and attachments in some employees' email accounts contained information pertaining to current and former patients. The information involved varied by individual, but may include names in combination with, dates of birth, Social Security numbers, Medicare Health Insurance Claim Numbers (HICNs), driver's license numbers, provider name(s), dates of treatment, treatment and diagnosis information, health insurance plan member and group numbers, health insurance claims information, financial account information with PIN/security code, and payment card information.

On January 10, 2020, HQ began mailing additional letters to affected patients and established a dedicated call center to answer questions that patients may have. HQ recommends its patients review the statements they receive from their healthcare providers and health insurers. If they see services they did not receive, they should contact the provider or insurer immediately. For eligible patients whose Social Security number or driver's license number was found in the email account, HQ is offering complimentary credit monitoring and identity protection services.

Health Quest is now part of Nuvance Health, a seven-hospital system in the Hudson Valley of New York and western Connecticut. HQ and Nuvance Health remain committed to protecting the confidentiality and security of its patients' information. To help prevent something like this from happening in the future, multi-factor authentication for email and additional procedures have been implemented to further expand and strengthen security processes. Additional training to employees regarding phishing emails and other cybersecurity issues has also been offered.

If individuals believe they have been affected but did not receive a letter by February 15, 2020, please call 1-844-967-1236, Monday through Friday, between 9 a.m. and 6:30 p.m. EST with questions.

SOURCE Health Quest Systems, Inc.