Wednesday, December 7, 2022
  Local News     Videos     Sports  
St. Luke’s Warns Patients of Data Breach
Click to Listen
Thursday, July 28, 2022


Some St. Luke’s patients could receive a letter in the mail in the coming days encouraging them to take steps against a possible cybersecurity breach.

St. Luke’s Health System was recently informed by one of its business vendors of a cybersecurity incident that occurred in late May 2022. St. Luke’s has had a contract with the vendor to provide statement processing and billing services.

The vendor determined in June 2022 that an unauthorized actor obtained personal information about some patients and members of certain customers. On July 6, St. Luke’s learned that protected health information of patients who were billed in May 2022 for St. Luke’s services could have been accessed as part of this vendor’s cybersecurity incident. While the investigation is ongoing, St. Luke’s has expedited the notification process to communicate now with those who may have been impacted.

There is no evidence at this time that the unauthorized actor has misused this information. Those identified as involved will be personally notified by St. Luke’s through a mailed letter.

Information that may have been compromised includes: the guarantor’s name, address, phone number and ID number, the patient’s first and last name, date of birth, last five digits of the social security number, description of services received, date(s) and location of services received, provider name and patient account number. Financial information that may have been compromised includes the amount billed for services, any outstanding balance, payment due dates and status of the payment account. 

“St. Luke’s takes its responsibility to safeguard personal and protected health information very seriously,” said Dave Self, senior vice president and chief administrative officer at St. Luke’s. “To best protect our patients, we have suspended all processing activities with this vendor. St. Luke’s Cyber Security and Compliance teams are working closely with the vendor on this investigation.

Self encouraged those patients who receive a letter in the mail in the coming days to utilize the complimentary identity theft protection services being offered to them and enroll in credit and Cyberscan security monitoring.

The vendor has engaged the FBI and contracted with an external forensics firm to better understand the incident and has implemented improved security measures to prevent a similar incident in the future.  


St. Luke’s has engaged data breach and recovery service experts to ensure the highest level of protection for patients who may have been impacted by this incident. Through this partnership, St. Luke’s is offering the following complimentary protection services:  

  • Identity theft protection services.
  • 12 months of complimentary credit and CyberScan dark web monitoring.  
  • $1,000,000 insurance reimbursement policy.
  • Call center support to answer questions and help those affected enroll in free identity protection services.


A call center will be activated at 4 p.m. today—Thursday, July 28.  Additional information will be available by calling 1-833-423-2976 through this call center, which will be available from 7 a.m. to 7 p.m. Monday through Friday.



~  Today's Topics ~

‘The Drowsy Chaperone’ Spotlights Young People’s Talents
Sun Valley Super Tour to Feature Top Nordic Racers
Sun Valley Museum of Art Hosts Last Dam Tour

The only online daily news media service in the Wood River Valley. We are the community leader, publishing 7 days a week. Our publication features current news articles, local sports and engaging video content in Sun Valley, Idaho.

Karen Bossick / Michael Hobbs

Leisa Hollister
Director of Marketing & Public Relations

P.O. Box 1453, Ketchum, ID 83340

© Copyright 2022 Eye on Sun Valley