Notice to Behavioral Health Clients: Information Security Incident
Kent Youth and Family Services is committed to protecting the confidentiality and security of our patients’ information. Regrettably, this notice concerns an incident involving some of that information.
KYFS determined that an unknown individual remotely accessed the KYFS email system and blocked our access to the system starting on or before February 3, 2019, through April 5, 2019. We took immediate action with our email service provider to regain access to the system and secure the accounts, and an outside computer forensic firm was retained to help us determine what information the unauthorized individual may have accessed. After an extensive forensic investigation that required a review of mailbox access logs and manual reviews for sensitive information, we determined on June 4, 2019, that the unauthorized individual may have accessed some patient information in the email system, including patient names and, for some patients, a date of birth, medical record number and/or limited clinical or treatment information. The incident did not involve all KYFS patients or access to our electronic health records system.
We have no indication that any patient information was actually viewed by the unauthorized person, or that it has been misused. However, out of an abundance of caution, we mailed letters to affected patients on August 2, 2019, and have established a dedicated call center to answer questions that patients may have. If you believe you are affected but do not receive a letter by August 9, please call 877-890-8087, Monday through Friday, between 6 am and 6 pm Pacific Time.
We recommend that our patients review the statements they receive from their healthcare providers and health insurers. If you see services that you did not receive, please contact the provider or insurer immediately.
We deeply regret any inconvenience or concern this incident may cause you. We continually evaluate and modify our practices to enhance the security and privacy of our patients’ information. To help prevent something like this from happening in the future, we are reinforcing employee training on privacy and security and are instituting additional security measures throughout the organization.