• Substitute Notice: Notice to our Patients About an Email Incident  

    Luminis Health, Inc. is committed to protecting the confidentiality and security of our patients’ information. This notice is to inform our patients of a recent incident that may have involved some of their information.

    On Sept. 3, 2021, we became aware of unauthorized access within our employee email system. We secured the impacted email accounts, began an investigation, and engaged a computer forensics firm to assist. The investigation determined that an unauthorized person gained access to a limited number of employee email accounts between Aug. 26 and Sept. 14, 2021, in what was likely an attempt to fraudulently obtain funds, and not to access any patient information.  However, because we could not rule out the possibility that the emails may have been viewed or accessed during this incident, we conducted a comprehensive review of all emails and attachments within those accounts to identify any patient information contained therein.

    We have now completed our investigation and determined that the mailboxes contained patient names, dates of birth, medical record numbers, and limited clinical information, such as diagnosis or treatment information.  For a limited number of patients, Social Security numbers were also included. Importantly, this incident did not involve access to our electronic medical record system.  

    Although we have no evidence indicating that the unauthorized person viewed any patient information, in an abundance of caution, we began mailing letters to affected patients on January 12, 2022. If you believe you may be affected and have not received a letter by March 11, 2022, please call the dedicated toll-free helpline at 855-675-3128, Monday through Friday, 9 a.m. to 9 p.m. ET. We would also like to remind our patients that it is always advisable to review statements from their healthcare providers or health insurers for accuracy and contact them if they see services that were not received. For those patients whose Social Security numbers were contained within the email accounts, we are offering complimentary identity monitoring services through Equifax.

    We take the privacy and confidentiality of our patients' information very seriously. To help prevent something like this from happening again, we have reinforced education with our employees on how to identify and avoid phishing emails and have implemented tighter controls on the existing multi-factor authentication for our email environment.

    Download a list of Luminis Health entities.