This notice from their web site just showed up in my searches:
Catawba Valley Medical Center (CVMC) is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice concerns an incident that may have involved some of that information.
On August 13, 2018, CVMC determined an unauthorized person may have gained access to an employees’ email account. CVMC immediately took steps to secure the email account and began an investigation, including hiring a leading computer forensic firm to assist. On August 24, 2018, the investigation determined three email accounts may have been accessed between July 4, 2018 and August 17, 2018. Through the course of our investigation, we have determined that some patient information may have been in those email accounts and may have included patient names, dates of birth, health information about services received at CVMC, health insurance information, and in some instances, Social Security numbers.
We have no indication that the information in the emails has been misused in any way. However, out of an abundance of caution, we began mailing letters to affected patients on October 12, 2018, and have established a dedicated call center to answer any questions patients may have. If you believe you are affected and have not received a letter by November 15, 2018, please call 1-877-214-4239, from 9:00 a.m. to 9:00 p.m. Eastern time, Monday through Friday.
We recommend that affected patients review the statements they received from their health insurer. If they see services they did not receive, contact the insurer immediately.
We deeply regret any inconvenience or concern this incident may cause our patients. To help prevent something like this from happening in the future, we have hired security experts to enhance our employee education; we have implemented tighter e-mail controls; and we continue to upgrade our hardware and software platforms to combat these malicious threats.
<posted 10/12/2018>