Anniston, Alabama – August 15, 2023 – Highland Health Systems is writing to inform you of a recent data security incident that may have resulted in unauthorized access to some individuals’ sensitive personal information. This notice is intended to alert those individuals of the incident and to provide additional details about the incident, steps we are taking in response, and resources available to help you protect against the potential misuse of your information.

What Happened? 

On July 3, 2023, Highland Health Systems detected unusual activity on our network. Upon discovery of this incident, Highland Health Systems immediately disconnected all access to the network and promptly engaged a specialized third-party cybersecurity firm to assist with securing the environment, as well as, to conduct a comprehensive forensic investigation to determine the nature and scope of the incident. During the forensic investigation, Highland Health Systems found evidence that some Highland Health Systems files were accessed by an unauthorized actor. At this time, the forensic investigation remains ongoing.

Based on these findings, Highland Health Systems began performing data mining on the affected systems to identify the specific individuals and the types of information that may have been compromised. This process remains ongoing, and Highland Health Systems will supplement this notice as more information becomes available.

What Information Was Involved?

Based on the investigation, the following information related to you may have been subject to unauthorized access: name; address; Driver’s License number; Social Security Number, and limited health information.

Please note that not all individuals had information relating to their Driver’s License number; Social Security Number, and limited health information potentially impacted. Affected individuals will be notified by mail of information that was impacted.

What We Are Doing?

Data privacy and security are among Highland Health System’s highest priorities, and we are committed to doing everything we can to protect the privacy and security of the personal information in our care. Since the discovery of the incident, Highland Health Systems moved quickly to investigate, respond, and confirm the security of our systems. Specifically, Highland Health Systems disconnected all access to our network, changed administrative credentials, restored operations in a safe and secure mode, implemented security monitoring software, began the process of utilizing endpoint-to-server and server-to-server traffic encryption, started implementing NIST-compliant security measures, and took steps and will continue to take steps to mitigate the risk of future harm.  

What You Can Do:

We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious or unauthorized activity. Additionally, security experts suggest that you contact your financial institution and all major credit bureaus to inform them of such a breach and then take whatever steps are recommended to protect your interests, including the possible placement of a fraud alert on your credit file. Please review the enclosed Steps You Can Take to Help Protect Your Information, to learn more about how to protect against the possibility of information misuse.  

Other Important Information:

We recognize that you may have questions not addressed in this notice. If you have any questions or concerns, please call 1-833-231-6230 (toll-free) Monday through Friday, during the hours of 8:00 a.m. and 5:00 p.m. Central Standard Time (excluding U.S. national holidays).

Highland Health Systems sincerely regrets any concern or inconvenience this matter may cause and remains dedicated to ensuring the privacy and security of all information in our control.

Sincerely,

Mickey S. Turner, CEO
Highland Health Systems