Seattle Children’s Notifies Affected Patients About a Data Security Incident
Seattle Children’s is providing notice of a data security incident experienced by Kaye-Smith, a vendor that provides mail service to Seattle Children’s. This incident involved certain personal information related to a subset of Seattle Children’s patients. The incident involved unauthorized access to information in Kaye-Smith’s systems. It did not involve unauthorized access to information in Seattle Children’s systems.
The confidentiality, privacy, and security of personal information is very important to both Seattle Children’s and Kaye-Smith, and each organization takes this incident seriously. This notice provides information on the incident, and what each organization is doing in response to keep the personal information of Seattle Children’s patients and their guarantors/guardians safe and secure.
In June 2022, Kaye-Smith engaged outside experts to help investigate suspicious activity relating to its operating environment. A detailed investigation into the matter ultimately confirmed that information related to a subset of Seattle Children’s patients was compromised as part of a ransomware attack by a bad actor. Subsequently, a thorough review of the operating environment was performed to identify the types of information potentially compromised. The information included patient names, addresses, provider names, medical record numbers, visit or lab information, and guarantor numbers and names of insurance carriers. The information did not contain Social Security Numbers or credit card information.
What We Are Doing
Seattle Children’s is committed to providing quality care while protecting the personal information of our patients and their guarantors/guardians and is examining its vendor relationship with Kaye-Smith. While we have no evidence that the compromised information has been misused, we sincerely regret any concern or inconvenience this incident may cause our patients and their guarantors/guardians.
Kaye-Smith is notifying individuals directly by mail and is offering them complimentary Equifax Credit Watch Gold. Kaye-Smith has a call center available that can answer questions about the incident and confirm for individuals whether their information was involved. Individuals can contact the call center at 877-560-8603, 6 a.m. to 6 p.m. Pacific time, Monday through Friday.
Through its investigation, Kaye-Smith has confirmed the scope of this incident, the security of their environment and that their systems are not otherwise currently at risk. To prevent any further unauthorized access, Kaye-Smith has enhanced their security measures and monitoring, and Seattle Children’s is working with Kaye-Smith to evaluate those safeguards.
Frequently Asked Questions
Kaye-Smith is a service bureau for a number of businesses across the country providing customer communications. Kaye-Smith provides mail services for Seattle Children’s.
A subset of Seattle Children’s patients had certain information accessed by an unauthorized actor. Kaye-Smith is contacting patients who were potentially impacted.
The information included patient names, addresses, provider names, medical record numbers, visit or lab information, and guarantor numbers and names of insurance carriers. The information did not contain Social Security Numbers or credit card information.
If you are a patient of Seattle Children’s and did not receive a letter from Seattle Children’s, your data was not involved. If you did, the letter notes the types of data that were impacted. If you think you should have received a letter, please contact Kaye-Smith’s call center at 877-560-8603.
Kaye-Smith is notifying impacted patients of this incident and offering additional guidance on how to monitor or protect against potential fraud. The incident involved unauthorized access to information in Kaye-Smith’s systems. It did not involve unauthorized access to information in Seattle Children’s systems. Kaye-Smith took immediate steps to secure its systems and prevent any further unauthorized access. Kaye-Smith immediately contained the incident and worked with a forensic expert to eradicate the access and is continuing to enhance its systems. Kaye-Smith also reported the incident to the FBI and is working with law enforcement concerning the incident.