Rutland Regional Medical Center recently experienced a security incident where we discovered someone from outside the organization had gained unauthorized access to several employee email accounts. Although our electronic medical record systems were not affected, there were files containing limited patient information in these email accounts that could have been accessed.
To date, Rutland Regional has not received any reports that personal information has been misused as a result of this incident. This week, we are sending letters to provide additional information to each individual that has been affected.
Information security incidents are an increasing threat to businesses, governments and hospitals, and pose a large threat to personal information privacy. Hackers are becoming increasingly sophisticated and aggressive as more and more of our personal data is moved online.
Even as the health care industry becomes more aware of these threats, the trend of at least one health -data breach every day remains. There were 503 large health-data breaches reported to the federal government in 2018 alone, and an alarming increase in the number of affected patient records.
While we know that security incidents are becoming more and more routine in today’s world, this has nevertheless been a distressing situation for Rutland Regional. Patients trust us with sensitive, personal information, and we take our responsibility to protect that information very seriously.
As this threat increases, so does Rutland Regional’s commitment to prioritizing information privacy and security. We have taken, and will continue to take, steps to prevent something like this from happening again.
Over the past year, we invested an additional $200,000 toward securing our IT systems. We’ve hired a dedicated IT security specialist, conducted staff training and purchased new security software. We conduct information security audits on an ongoing basis, and all staff receive continuous training on patient privacy and information security topics such as password management and how to recognize phishing and other malicious email.
As a result of this incident, we have sent our senior information technology staff to meet with Microsoft experts to identify additional security measures that can be put in place. Rutland Regional is using what we learn from this incident to implement additional safeguards to enhance the privacy and security of patient information.
I apologize to our community for the inconvenience and concern this security incident might have caused. All of us at Rutland Regional Medical Center understand the importance of protecting patient health information and are committed to preventing an incident like this from occurring in the future.
As president and CEO of Rutland Regional Medical Center, I want to assure our patients that we will do everything we can to continue to earn your trust.
Claudio Fort is the president and CEO of Rutland Regional Medical Center.