One of the largest health systems on the East Coast is notifying patients of a cybersecurity incident that exposed the billing information of thousands of individuals.
Jefferson Health began sending out letters on Jan. 20 to those that may have been affected, the Philadelphia system announced. The incident occurred this past November when an unauthorized person gained entry to an online portal Jefferson uses to submit billing information and tried to intercept wire payments meant for the health system.
The hacker impersonated two staff members and reset passwords on the portal, the PhillyVoice reported Friday. An investigation into the matter revealed that the virtual thief gained access to a remittance sheet with billing information on 9,095 patients, Jefferson Health explained.
Health insurance and financial account information, Social Security numbers and patient treatment data were not compromised, according to the announcement.
“Jefferson Health regrets this incident occurred and is committed to protecting the security and privacy of patient information,” the system said in a letter posted to its website. “To help prevent something like this from happening again, Jefferson Health is reviewing and enhancing its security protocols.”