1. What happened?

Morehead Memorial Hospital recently learned that it was the victim of a phishing attack that affected two employee email accounts containing certain private patient and employee data.

  1. Who is responsible for this incident?

We do not know who was responsible for the incident. However, we have informed the FBI and the Department of Homeland Security and will cooperate with their investigation into the incident.

  1. How many employee mailboxes were affected?

Following an extensive computer forensic investigation, it was determined that only two employee email accounts were accessed by unauthorized parties.

  1. What personal information was affected?

The incident affected various types of information about certain patients and/or employees of Morehead Hospital, including health insurance payment summaries, treatment overviews, health plan information, and in limited cases, Social Security numbers.  If you received a notice letter in the mail, it provides specific details about what information of yours was involved.

  1. Do you suspect that my information has been misused?

At this time, we are not aware of any fraudulent use of personal information as a result of this incident. However, out of an abundance of caution, you should remain vigilant to guard against the possible misuse of your information.  You can also enroll for a year of the free identity monitoring services outlined in your letter.  This service helps detect possible misuse of your personal information and may alert you if someone attempts to misuse your information.

  1. Are the affected email boxes still compromised or vulnerable? What is Morehead Hospital doing to prevent something like this from recurring in the future?

Morehead Hospital promptly took steps to cut off unauthorized access to the affected hospital email accounts and issued a network-wide password reset following this incident. We are also taking steps to help prevent something like this from recurring in the future, such as providing additional employee training and enhancing security