DVCH OUTAGE

On February 21st Delaware Valley Community Health was alerted to the fact that our Call Center Third – Party Vendor Change Healthcare was experiencing a network hack and had to disconnect all of their systems to prevent further spread of the breach.

With Change Healthcare disconnecting their systems this immediately took down our Call Centers at many of our locations because their agents that we contract with could not answer our incoming calls affecting patients’ ability to contact us directly.

a. Upon learning of the network breach, we immediately disconnected our systems from theirs to protect our patient’s information and our systems from spread.

b. We immediately re-routed the calls to our internal staff and set up voicemails to handle the influx of calls and requests.

c. We reached out to Change Healthcare representatives.

From United Health Group’s (Change Healthcare’s parent company) website. A review of the data is underway by a leading forensics expert. At this time, we know that the data had some quantity of personal health information and personally identifiable information. We are working to determine the quantity of impacted data, and we are fully committed to providing notifications to impacted individuals when determinations are able to be made — and will work with the Office of Civil Rights and our customers in doing so.

Right now, there are longer than normal wait times for all incoming calls and we are doing our best to handle the large volume of requests. There is also the potential that you will need to call a few times to get through to our health centers.

a. We are creating a temporary internal call center to centralize the incoming calls and adding additional staff dedicated to answering your calls. Pending launch date of Mid-June 2024.

b. In addition, our NEW patient portal is an option for patients to communicate with us and your care team to avoid the long phone times. Some of the items you can accomplish on our Patient Portal are:

1. 1. Refill Requests
   2. Send direct messages to your Care Team
   3. See lab results
   4. Self – schedule appointments

a. Following the breach, comprehensive security measures were promptly implemented to fortify the system’s defenses. These measures included heightened encryption protocols, regular security audits, and strict access controls.

b. In addition, we have contracted with a Third-Party Cyber Security vendor to scan our internal systems to make sure we do not see any evidence of a breach of our systems.

a. We have and continue to verify our systems are secure and your patient information in our systems has not been breached currently.

b. We have contracted with a Third-Party Cyber Security vendor to scan our internal systems to make sure we do not see any evidence of a breach of our systems.

c. We have verified that both our production and backup systems are free from malicious hackers currently.

a. We have been utilizing our HIPAA compliant text messaging system to let patients know that there will be longer than normal hold times for our phones.

b. We have been sending messages through our Patient Portal to invite patients to utilize its features for communicating with us.

c. Establishing this FAQ’s page as of today 5.13.24 that will be continually updated when applicable.

As of today 5.13.24, there is no evidence of unauthorized or malicious activity in DVCH’s internal systems. Through thorough investigation by our third – party security vendor, no evidence of malicious activity has been uncovered, reassuring stakeholders about the integrity of the system.

a. More information will be made available as we continue to learn more about this breach from United Health Group.

b. United Health Group has released this website for information: https://www.changehealthcare.com/hipaa-substitute-notice

c. You can also reach a DVCH staff member by email at [email protected]