Prisma Health-Midlands announced this week that private patient information, including Social Security numbers and birthdays, became accessible after an employee's login credentials were compromised on Aug. 29.
The credentials provided access to patient volunteer registration and pre-registration information forms. These forms may have included a patient's full name, address, birthday and additional health information.
In some cases, a patient's Social Security and health insurance information were available. Since the employee's login access was limited, medical records were not accessible via the compromised credentials.
Prisma officials explained in a press release that they are unclear how long the credentials were available. But the hospital system did confirm that 19,000 patients and 3,000 volunteers were potentially affected by the login compromise.
In response to the incident, Prisma explained it conducted "an extensive investigation," and attempted to block inappropriate access to the Palmetto Health website. The system has also changed the employee's password.
Hospital officials are attempting to notify all affected patients by mail.
Prisma is made up of hospitals and health care providers previously owned by Palmetto Health in the Midlands and Greenville Health System in the Upstate.
The two large systems joined forces in 2017. Once combined, Prisma became the largest hospital network in the state.
The Prisma incident isn’t the first time patient information has been compromised in South Carolina.
The financial information for 7,000 Medical University of South Carolina customers was stolen in 2013 when a foreign entity hacked data from an outside credit card processing vendor.
One year earlier, a South Carolina Medicaid employee stole names, phone numbers, addresses, birthdays and Medicaid ID numbers for nearly 230,000 beneficiaries.
In an unusual case, a digital camera used to take photos of newborn babies at Roper St. Francis Mount Pleasant Hospital went missing in 2017. The camera’s memory card contained pictures and identifying information for approximately 500 babies born at the hospital.
The federal Health Insurance Portability and Accountability Act of 1996 prohibits health care providers from compromising private patient information. The government may impose fines when hospitals break the law.
Prisma recommends patients continuously watch all of their account statements and report any discrepancies or unusual activity to law enforcement or by phone at 1-888-479-9996.
For the people whose social security numbers were potentially leaked, the system is offering them a year of free identity theft insurance and credit monitoring.