Cyber Incident Victim: Bon Secours St. Francis Health System

On January 4, 2019, Bon Secours St. Francis Health System discovered unauthorized access to systems at Milestone Family Medicine, a Greenville-based medical practice previously staffed by physicians employed through St. Francis Physician Services. The organization immediately secured the compromised account and initiated an investigation with assistance from a third-party forensic firm. Analysis revealed that patient information stored on one of the practice's servers was potentially exposed during the breach. The affected data included full names, dates of birth, Social Security numbers, physical addresses, health insurance details, and clinical information related to care received at Milestone Family Medicine. While the investigation confirmed data accessibility, no evidence emerged indicating actual misuse of patient information.

Bon Secours St. Francis began mailing notification letters to affected patients following the forensic review. The organization offered complimentary credit monitoring and identity protection services specifically to individuals whose Social Security numbers were exposed. Patients were advised to review healthcare statements for unrecognized charges and contact providers if discrepancies appeared. A dedicated call center (1-877-239-1255) operated weekdays from 9 a.m. to 9 p.m. Eastern Time to address patient inquiries. In response to the incident, Bon Secours St. Francis announced plans to enhance technology management protocols and strengthen information security risk oversight measures to prevent future breaches. The health system acknowledged the concern caused by the event but reiterated its commitment to patient privacy protections throughout its notification statement.