Silver Cross Hospital

The way you should be treated.™

Silver Cross Hospital recently learned that a vendor that manages parts of its website experienced a data incident that affected the information of certain Silver Cross patients and others. Silver Cross is working to notify all potentially affected individuals about the incident. 

What Happened 

Patients and others can submit information and inquiries to Silver Cross on various forms on its website. The vendor that manages and hosts the data from completed forms performed a software upgrade in late November 2016.  Based on an investigation by an established third party forensic firm, it appears that this upgrade reconfigured security settings such that data in completed web forms was potentially made available on the internet.  The incident was limited to the data hosted by the vendor, and Silver Cross’s own network and patient records systems were not affected. 

Silver Cross discovered this issue internally on June 14, 2017, and immediately contacted the vendor to remediate the security issue and secure the data. Silver Cross discovered no evidence to date that an unauthorized person actually navigated to one of the affected web forms and accessed sensitive information.  However, out of an abundance of caution, Silver Cross is providing notice to all persons whose information was contained in the relevant forms. 

What Information Was Involved 

The various types of affected web forms sought different information for different purposes, but they may have contained individuals’ names, street addresses, telephone numbers, email addresses, dates of birth, IP address, marital status, race, provider information, and, in some cases, Social Security numbers, health insurance numbers, and information pertaining to mental or health condition or treatment if voluntarily provided in the web form. The incident affected forms submitted to the website between January 2013 and June 14, 2017. 

Please note: Your information may have been submitted to Silver Cross by a third party. For example, you may have been identified as a guarantor or insurance policy holder by a patient who filled out a “Request an Appointment” form, or a family member may have provided feedback or impressions regarding your treatment at Silver Cross in a “Share my Story” or “Contact Us” form.  

What We Are Doing 

Silver Cross takes the privacy and protection of information very seriously, and deeply regrets that this incident occurred.  The hospital took steps to address this incident promptly after it was discovered, including by immediately contacting the vendor to disable potential unauthorized access to completed forms and hiring a computer forensics firm to launch a comprehensive investigation into the circumstances surrounding the incident. Silver Cross is also working with the vendor to implement security reconfigurations and have retained experts to conduct a detailed assessment of its security practices.  Finally, the hospital is reviewing polices and performing additional training in the wake of this incident to prevent against future recurrences. 

To help protect the identities of affected individuals, Silver Cross is offering 12 months of complimentary credit monitoring to affected persons. These services help detect possible misuse of personal information and provide identity protection support focused on immediate identification and resolution of identity theft.  For additional information about these services, please review the notice letter that you received or call 1-866-236-8208. 

What You Can Do 

Affected individuals can do several things to protect themselves. Individuals can carefully check their credit reports for accounts they did not open or for inquiries from creditors they did not initiate, and should call the credit agency immediately if they see something they do not understand.  Any suspicious activity on a credit report should be reported to the local police or sheriff's office.  When contacting law enforcement, individuals should file a police report for identity theft and get a copy of it, since it may be necessary to give copies of the police report to creditors to clear up fraudulent records.  

Patients and individuals who may have paid for medical services provided by Silver Cross can regularly review the explanation of benefits (EOB) statements that they receive from their health insurers or health plans. If they identify services listed on the EOB that were not received, they should immediately contact the health plan. 

As an additional precaution, Silver Cross has provided information and resources to help individuals protect their identities. This includes an "Information About Identity Theft" reference guide, which describes additional steps individuals may take to help protect themselves, including recommendations from the federal government regarding identity theft protection and medical identity theft protection. 

For More Information 

Patients or other individuals with questions about the incident may contact Silver Cross toll-free at 866-236-8208 between 8 a.m. and 6 p.m. Eastern Standard Time, Monday through Friday.

 

Located at 1900 Silver Cross Blvd., New Lenox, IL 60451   Main Phone (815) 300-1100

© Copyright 2017  Silver Cross Hospital. All Rights Reserved.

 

  

Physicians on Silver Cross Hospital’s Medical Staff have expertise in their areas of practice to meet the needs of patients seeking their care.  These physicians are independent practitioners on the Medical Staff and are not the agents or employees of Silver Cross Hospital. They treat patients based upon their independent medical judgment and they bill patients separately for their services.