KRQE reports:
San Juan County is warning the public of a possible data breach in patients’ health records.
Authorities say someone hacked into a county computer on Wednesday.
An investigation shows no information was taken, but county officials say patients who participated in the DWI or Axis treatment programs may have had their personal information viewed.
The county’s statement, as posted on their web site, reveals that the intrusion was detected within 30 minutes, probably preventing the incident from becoming much worse:
The privacy and protection of individual’s personal information is a matter that San Juan County (SJC) takes very seriously, and SJC has worked quickly to resolve a recent data incident. Please review the information provided in this notice for some steps that you may take to protect yourself against any potential misuse of your information.
What Happened
On March 18, 2016, an outside hacker obtained remote access for a limited time period to a county computer. This access lasted for less than thirty minutes. During the time, the intruder briefly had remote access to the county employee’s computer. The security incident was discovered within thirty minutes of the incident’s occurrence.
What Information Was Involved
Based on its internal investigation of this matter, SJC determined that health information, including name, address, health assessments, treatment and medication information for individuals who participated in the DWI and/or AXIS treatment programs were potentially at risk to being viewed by the intruder. Upon learning of the incident, SJC immediately took steps to investigate the incident and to ensure that no additional information may have been put at risk. SJC completed a forensic computer investigation and has found no evidence that this information was accessed by the intruder or removed from the computer.
What We Are Doing
We take your privacy and protection very seriously and we deeply regret that this incident occurred. We took steps to address this incident promptly after it was discovered, including undertaking an internal investigation to better understand what had taken place and how. We are now in the process of reviewing our internal policies and data-management protocols and will be implementing enhanced security measures to help prevent this type of incident from recurring in the future.
What You Can Do
Potentially affected individuals can take the following steps to guard against identity theft and fraud:
▪ Contact SJC at the phone number provided below. SJC will determine if your information was potentially affected. SJC can then provide complimentary identity repair and protection services, at no cost to you.
▪ Although financial account details were not affected by this incident, as a general precaution we recommend that you review your credit and debit card account statements as soon as possible to determine if there are any discrepancies or unusual activity listed.
▪ Remain vigilant and continue to monitor your bank and credit card statements for unusual activity going forward. If you see anything that you do not understand or that looks suspicious, or if you suspect that any fraudulent transactions have taken place, call the bank that issued your credit or debit card immediately.
▪ Carefully check your credit reports for accounts you did not open or for inquiries from creditors that you did not initiate. If you see anything that you do not understand, call the credit agency immediately.
For More Information
Please call 1-505-334-4508 to assist you with any other questions or concerns that you have about this incident.
Once again, the privacy and protection of your information is a matter we take very seriously and we sincerely apologize for any concern that this may cause you.
Update: This was reported to HHS as affecting 12,500 patients.