On April 13, 2020, HFMI became aware of a data security incident, including ransomware, that impacted portions of its server and data infrastructure. HFMI retained a professional forensic investigation firm to determine the nature of the security compromise and identify any individuals whose personal information and/or protected health information may have been compromised.
PLEASE SEE ARTICLE BELOW:
Healthcare Fiscal Management, Inc. Notification of Data Security
Williamston, North Carolina – July 27, 2020 — Healthcare Fiscal Management Inc. (“HFMI”), a firm
specializing in providing self-pay conversion and Medicaid eligibility services for hospital systems, clinics
and physician groups, other healthcare providers and their communities, announced today that it has taken
action after learning of a data security incident which may have compromised the personal information
and/or protected health information of patients who received care from Habersham Medical Center from in
or about February 2020 through April 2020. HFMI began providing notice to all potentially impacted
individuals on July 21, 2020.
What Happened? On April 13, 2020, HFMI became aware of a data security incident, including
ransomware, that impacted portions of its server and data infrastructure. HFMI immediately took its
systems offline and undertook efforts to restore its servers to a new hosting provider with additional highlevel security mechanisms and monitoring. HFMI thereafter retained a professional forensic investigation
firm to determine the nature of the security compromise and identify any individuals whose personal
information and/or protected health information may have been compromised.
What Information Was Involved? The forensic investigation determined that first access to
HFMI’s systems occurred on approximately April 12, 2020, with the ransomware launched on April 13,
2020. The data security incident may have resulted in unauthorized access to or acquisition of personal
information, including names, date of birth, and Social Security numbers, as well as protected health
information, including medical record numbers, account numbers and dates of service that were provided
to HFMI by Habersham Medical Center in connection with HFMI’s provision of Medicaid eligibility
services for Habersham Medical Center between February 2020 through April 2020. No direct medical
diagnoses or clinical information were part of this breach.
What is HFMI Doing? As stated above, following the data security incident, HFMI immediately
undertook efforts to restore the impacted servers to a new hosting provider. Backups and other information
maintained by HFMI were used to enable near seamless restoration of security and services on the same
day. HFMI has retained a forensic investigation firm to thoroughly investigate the incident and has
confirmed that the information is no longer in possession of third party(ies) or accessible via the Internet.
HFMI has also offered the impacted individuals access to complimentary credit monitoring and identity
theft protection services as an added precaution and to mitigate risk. Please be advised that HFMI is
continuing to work closely with leading security experts to identify and implement measures to further
strengthen the security of their systems to help prevent this from happening in the future.
What Can Patients Do? We are aware of how important personal information and protected health
information is to patients and their loved ones. HFMI began mailing notification letters on July 21, 2020,
to the patients of Habersham Medical Center for whom Habersham Medical Center had valid mailing
addresses and whose protected information was contained within the files that may have been accessed or
acquired by an unauthorized actor. We anticipate that it will take five days for individuals to receive this
letter. If an individual does not receive a letter, but would like to know if he or she was potentially affected
by this incident, or if an individual has any questions or would like additional information, they may call
HFMI’s dedicated assistance line at (855) 917-3550 between the hours of 9:00am to 9:00pm EST, Monday