Compliance

Main Content

Breach Notices

Horne Breach

ESO Solutions Breach

 

Horne LLP (“Horne”) provides accounting services to University of Mississippi Medical Center (“UMMC”). Horne recently responded to and addressed a data security incident involving patient information on their systems. Horne is mailing notification letters to some UMMC patients whose information may have been involved in the incident.

According to Horne, it became aware of suspicious activity in its information systems in December of 2021 and determined in October of 2023 that UMMC patient information had been involved. Importantly, none of UMMC’s information systems or electronic medical record system was involved in this incident.

The information involved in the Horne incident varied per patient but may have included some or all of the following: name, addresses, dates of birth, clinical information, health insurance information, and/or medical record number. For some patients, Social Security numbers or driver’s license numbers may have been involved.

For patients whose information may have been involved, we encourage you to review the statements you receive from your health insurers. If you see services that you did not receive, you should contact the insurer that issued the statement immediately.   

We are committed to the privacy of our patients’ information and sincerely regret any inconvenience or concern this may cause. To help prevent something like this from happening again, Horne advised that it has implemented additional safeguards and technical security measures to further protect and monitor its email system. If you have questions, you may contact the following toll-free 1-833-758-7004 Monday through Friday, 9:00 a.m. to 9:00 p.m., Eastern Time.

Back to top


 

ESO Solutions, Inc. (“ESO”) provides services to University of Mississippi Medical Center (“UMMC”) related to the transfer of patient data to the state of Mississippi and the Mississippi Trauma Registry. State law requires UMMC, as a Level 1 trauma center, to submit data to the State Trauma Registry regarding all injured patients treated because of a traumatic injury. ESO provides software services that help hospitals improve operations, quality and patient outcomes. For this reason, ESO has certain individuals’ information from when UMMC provided emergency care to them.

ESO recently responded to and addressed a data security incident involving patient information on their systems. ESO is mailing notification letters to some UMMC patients whose information may have been involved in the incident.

According to ESO, it became aware of suspicious activity in its information systems September 2023. Importantly, none of UMMC’s information systems or electronic medical record system was involved in this incident.

The information involved in the ESO incident varied per patient but it may have contained personal information, including names, phone numbers, addresses, and some sensitive personal information and/or protected health information. ESO is mailing letters to affected individuals and while, to date, ESO is unaware of any misuse of the involved information, as a precaution, they are offering complimentary credit monitoring and identity theft protection services to individuals whose Personal Identifiable Information (PII) may have been impacted. Each notification letter sent to impacted individuals includes a list of specific data elements that were impacted as well as resources that they may use to protect themselves.

If you received a letter, your information was determined to be involved in this incident. We recommend you take advantage of the resources we are offering. If you do not receive a notification letter in the coming days, that means that we have not identified you as being someone whose sensitive data was impacted by this incident.

For patients whose information may have been involved, we encourage you to review the statements you receive from your health insurers. If you see services that you did not receive, you should contact the insurer that issued the statement immediately.  

We are committed to the privacy of our patients’ information and sincerely regret any inconvenience or concern this may cause. To help prevent something like this from happening again, Horne advised that it has implemented additional safeguards and technical security measures to further protect and monitor its systems. Representatives are available to assist you with questions regarding this incident, between the hours of 9 am to 6:30 pm, Eastern Time, Monday through Friday, excluding holidays. Please call the help line at (866) 347-8525 with any questions you may have.

Back to top