identification data belonging to some patients who were seen at employed
physician practices and clinics affiliated with Wesley Health Systems over the
past five years was transferred out of our organization in a criminal cyber
attack by a foreign-based intruder. The transferred information did not include
any medical information or credit card information, but it did include names,
addresses, birthdates, telephone numbers and social security numbers.
We take very seriously the
security and confidentiality of private patient information and we sincerely
regret any concern or inconvenience to patients. Though we have no reason to
believe that this data would ever be used, all affected patients are being
notified by letter this week and offered free identity theft protection.
Our organization believes the
intruder was a foreign-based group out of China that was likely looking for
intellectual property. The intruder used highly sophisticated methods to bypass
security systems. The intruder has been eradicated and applications have been
deployed to protect against future attacks. We are working with federal law
enforcement authorities in their investigation and will support prosecution of
those responsible for this attack.