Archbold Medical Center was recently notified of a data security incident experienced by our insurance eligibility vendor, Healthcare Fiscal Management, Inc. (HFMI). As part of our commitment to our patients and the communities we serve, we are sharing additional information on behalf of our vendor regarding the incident, their response and steps affected individuals can take to further protect their information. Questions about the incident should be directed to HFMI and its toll-free call center at (855) 917-3550 between the hours of 9:00am to 9:00pm EST, Monday through Friday for more information.
This incident did not involve Archbold’s computers, servers, information security systems or Archbold medical records in any way.
Healthcare Fiscal Management, Inc. Notification of Data Security Incident
Williamston, North Carolina – July 30, 2020 -- Healthcare Fiscal Management Inc. (“HFMI”), a firm specializing in providing insurance eligibility, verification, and payment services to hospitals, and other healthcare providers, announced today that it has taken action after learning of a data security incident which may have compromised certain limited information of patients who received treatment from Archbold Memorial Hospital, Grady General Hospital, Brooks County Hospital, and Mitchell County Hospital. HFMI began providing notice to all potentially impacted individuals associated with this event on July 29, 2020.
What Happened? On April 13, 2020, HFMI became aware of a data security incident that impacted portions of its server and data infrastructure. HFMI immediately took its systems offline and undertook efforts to restore its servers to a new hosting provider with additional high-level security mechanisms and monitoring. HFMI thereafter retained a professional forensic investigation firm to determine the nature of the security compromise and identify any individuals whose information may have been compromised.
What Information Was Involved? The forensic investigation determined that first access to HFMI’s systems occurred on approximately April 12, 2020, with the ransomware launched on April 13, 2020. The data security incident may have resulted in unauthorized access to and/or acquisition of certain patients’ names, dates of birth, Social Security numbers, and hospital medical record numbers. It’s important to note that no other Archbold health or medical information was affected by this incident.
What is HFMI Doing? Following the data security incident, HFMI immediately undertook efforts to restore the impacted servers to a new hosting provider. Backups and other information maintained by HFMI were used to enable near seamless restoration of security and services on the same day. HFMI retained a forensic investigation firm to thoroughly investigate the incident and obtained confirmation to the best of its ability that the information is no longer in possession of the third party(ies) associated with this incident. HFMI has also offered the impacted individuals access to one year of complimentary credit monitoring and identity theft protection services as an added precaution and to mitigate risk. Please be advised that HFMI is continuing to work closely with leading security experts to identify and implement measures to further strengthen the security of their systems to help prevent this from happening in the future.
What Patients Can Do. HFMI is aware of how important personal information and protected health information is to patients and their loved ones. HFMI began mailing notification letters on July 29, 2020, to the patients of Archbold whose information may have been affected by this incident and anticipates that it will take up to five days for individuals to receive a letter. If an individual does not receive a letter, but would like to know if he or she was potentially affected by this incident, or would like additional information, individuals may call HFMI’s dedicated call center toll free at (855) 917-3550 between the hours of 9:00am to 9:00pm EST, Monday through Friday.