East Tennessee hospital warns of possible computer security breach for patients

Knoxville, TN – April 7, 2022. East Tennessee Children’s Hospital (“ETCH”) is providing notice of a recent incident that may affect the privacy of certain information. ETCH takes this incident and the privacy of information in its care very seriously.  While the investigation into this incident is ongoing, ETCH is providing notice of the event so that potentially affected individuals may take steps to better protect their information from misuse, should they feel it appropriate to do so.


What Happened? On March 13, 2022, ETCH identified unusual activity on its network.  ETCH promptly began taking steps to secure its systems and commenced a comprehensive investigation into the incident.  Through the investigation to date, ETCH has determined that it experienced a cyber incident.  While the investigation is ongoing, on March 18, 2022, ETCH determined that certain documents stored within its environment may have been copied from or viewed on the system as part of the cyber incident between March 11, 2022 – March 14, 2022.   Based on the investigation, ETCH is currently working to determine the scope of potentially affected information and conducting a detailed review of the potentially impacted data to determine the type of information present and to whom it relates.  This effort is currently ongoing.


What Information Was Involved? While the investigation to determine the full scope of potentially affected information is ongoing and may vary by individual, the relevant ETCH systems may contain the following types of information at the time of the event: names, date of birth, Social Security number, driver’s license or state identification number, non-resident identification number, other demographic information, medical information, health insurance information, credit or debit card information, financial information, billing information, other personal health information, and usernames and passwords.


What is ETCH Doing? Along with providing outstanding patient care, the confidentiality, privacy, and security of information within its care are among ETCH’s highest priorities. Upon discovering this incident, ETCH promptly took steps to secure its systems and investigate the full scope of the incident. While the investigation of and response to the event are ongoing, ETCH has taken additional steps to further enhance the security of its systems. As the investigation continues, ETCH will also be notifying potentially affected individuals and providing information on steps that may be taken to best protect personal information.


What You Can Do? ETCH is encouraging potentially affected individuals to remain vigilant against incidents of identity theft and fraud by reviewing account statements, explanation of benefits, and monitoring free credit reports for suspicious activity and to detect errors. Individuals may also review and consider the information and resources outlined in the Steps Individuals Can Take to Protect Their Personal Information, which may be found below and on ETCH’s website at https://www.etch.com/.


For More Information.  If individuals have additional questions about this incident, they may contact ETCH’s assistance line at 1-833-749-1685, Monday through Friday, from 9:00am – 9:00pm EDT, excluding major U.S. holidays.


Steps Individuals Can Take to Protect Their Personal Information


Monitor Your Accounts by:


  1. Requesting a Free Credit Report

Under U.S. law, a consumer is entitled to one free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion.  To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.


  1. Placing a “Fraud Alert” on Your Credit File


Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost.  An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file.  Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit.  If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years.  Should you wish to place a fraud alert, please contact any one of the three major credit reporting bureaus listed below.


  1. Placing a “Credit Freeze” on a Credit Report


As an alternative to a fraud alert, consumers have the right to place a “credit freeze” on a credit report, which will prohibit a credit bureau from releasing information in the credit report without the consumer’s express authorization.  The credit freeze is designed to prevent credit, loans, and services from being approved in your name without your consent.  However, you should be aware that using a credit freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit.  Pursuant to federal law, you cannot be charged to place or lift a credit freeze on your credit report.  To request a credit freeze, you will need to provide the following information:


  1. Full name (including middle initial as well as Jr., Sr., II, III, etc.);
  2. Social Security number;
  3. Date of birth;
  4. Addresses for the prior two to five years;
  5. Proof of current address, such as a current utility bill or telephone bill;
  6. A legible photocopy of a government-issued identification card (state driver’s license or ID card, etc.); and
  7. A copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft if you are a victim of identity theft.