Cyber Incident Victim: Roper St. Francis Healthcare

On January 4, 2019, Bon Secours St. Francis Health System discovered that an unauthorized individual had accessed systems at Milestone Family Medicine, a Greenville-based medical practice previously affiliated with St. Francis Physician Services. The health system immediately secured the compromised account and initiated an investigation, engaging a third-party forensic firm to assist. The investigation revealed that patient information stored on one of the practice's servers was potentially exposed. This data included full names, dates of birth, Social Security numbers, physical addresses, health insurance details, and clinical information related to care received at Milestone Family Medicine. While the breach notification didn't specify the exact number of affected individuals, it confirmed the exposure of highly sensitive personal and health information that could enable identity theft or insurance fraud.

Bon Secours began mailing notification letters to impacted patients following the investigation's conclusions. The organization offered complimentary credit monitoring and identity protection services specifically to patients whose Social Security numbers were exposed. Patients were advised to review their healthcare provider statements for unauthorized charges and report discrepancies. Although no evidence of information misuse was identified, the health system acknowledged the breach's potential consequences by implementing enhanced technology management protocols and strengthening information security risk oversight. The incident response included establishing a dedicated call center (1-877-239-1255) operational on weekdays to address patient concerns, reflecting organizational efforts to manage fallout while instituting preventive measures against future breaches.