• Substitute Notice: Notice to our Patients About an Email Incident  

    Luminis Health, Inc. is committed to protecting the confidentiality and security of our patients’ information. This notice is to inform our patients of a recent incident that may have involved some of that information.

    On Sept. 3, 2021, we became aware of unauthorized access within our employee email system. We secured the impacted email accounts, began an investigation, and engaged a computer forensics firm to assist. The investigation determined that an unauthorized person gained access to a limited number of employee email accounts between Aug. 26 and Sept. 14, 2021. Because we are unable to determine which emails, if any, were viewed by the unauthorized person, we are conducting a comprehensive review of all emails and attachments within those accounts.

    Through our ongoing review, we have identified patient information within the accounts, including patient names, dates of birth, medical record numbers, Social Security numbers, and limited clinical information. We have no reason to believe that this information was actually viewed by an unauthorized person, and we have no evidence that any patient information has been misused. However, in an abundance of caution, we began mailing letters to affected patients on January 12, 2022. We anticipate notifying all affected patients in the upcoming weeks, once our investigation is complete.

    For individuals seeking more information or who have questions, please call the dedicated toll-free helpline set up specifically for this purpose at 855-675-3128, Monday through Friday, 9 a.m. to 9 p.m. ET. We would also like to remind our patients that it is always advisable to review statements from their healthcare providers or health insurers for accuracy and contact them if they see services that were not received. For those patients whose Social Security numbers were contained within the email accounts, we are offering complimentary identity monitoring services through Equifax.

    We take the privacy and confidentiality of our patients' information very seriously. To help prevent something like this from happening again, we have reinforced education with our employees on how to identify and avoid phishing emails and have implemented tighter controls on the existing multi-factor authentication for our email environment.