Monroe Surgical Hospital uses a service called IBERIABANK, which collects and processes payments from patients and customers. In turn, IBERIABANK uses a third party, the Technology Management Resources, Inc., to scan and process payments and other relevant payment data received in the lockbox. Monroe Surgical Hospital has nothing to do with TMR.
In July, TMR discovered that account user of one of her employees had been violated. Monroe Surgical Hospital received official notification of this incident on October 13 and has been actively seeking information about the incident ever since.
TMR reported that when it discovered the incident, it immediately secured the account and launched an investigation in consultation with external security professionals in the cyberspace. TMR said their investigation found that the cybercriminal may have had access to test images and personal health information related to patients at Monroe Surgical Hospital. According to TMR, the infringement took place between August 5, 2018 and May 31, 2020, with most of the activity taking place between February and May 2020. TMR informed the FBI about the incident. It is believed to be part of a wider attempt by an unknown criminal in cyberspace to attack TMR customers beyond IBERIABANK.
According to TMR, the investigation concluded that malicious agent had access to images in the TMR application. The PHI in these images may include the names, addresses, dates of birth, health and insurance account numbers of some patients, type of treatment, provider name information and treatment costs.
Any patients or clients of Monroe Hospital who have been affected by this incident will receive a letter from IBERIABANK in the coming days.
"Monroe Surgical Hospital takes the confidentiality and security of its patients' information very seriously. Fortunately, the hospital and its internal security and computer systems were not affected by this breach. However, IBERIABANK offers our patients and our customers credit monitoring and theft protection through CyberScout, in order to give them confidence. Information about these services will be provided in the IBERIABANK letter. ”