Notice to Carle Patients of an Email Incident

Carle Foundation Hospital (“Carle”) is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice is about an incident that involves some of that information.

On June 24, 2019, we learned an unauthorized person gained access to three Carle physician email accounts on June 3, 2019. We immediately secured the accounts, opened an investigation, and a leading cyber security firm was engaged to help identify what information may have been impacted. The investigation determined some patient information was contained in the email accounts, which may have included patient names, medical record numbers, dates of birth, and clinical information such as diagnosis and treatment plan. Patient Social Security numbers and financial information were not contained in the physicians’ email accounts.  

This incident affects only certain patients that received cardiology or surgery services at Carle.

We have no indication the unauthorized person used patient information in any way or viewed the emails containing patient information.  However, in an abundance of caution, we mailed letters to affected patients on August 16, 2019, and established a dedicated call center to answer questions. If you believe you are affected and do not receive a letter by September 16, 2019, please call 1-844-999-0055, Monday through Friday, between 7 a.m. and 4 p.m. Central Standard Time. We recommend patients review the statements they receive from their healthcare providers. If they see services they did not receive, please contact the provider immediately. 

We deeply regret any inconvenience or concern this incident may cause you. To help prevent something like this from happening in the future, we are enhancing our email security and providing additional employee training.