Carolinas HealthCare System
Print This Page Print    Email to a Friend Email
E-Mail Incident Involves Some Patient Information - Archived

Carolinas HealthCare System is notifying approximately 5,600 patients of Carolinas Medical Center-Randolph (CMC-Randolph) whose private information may have been breached by an unauthorized electronic intruder and approximately 700 additional patients of the affected provider as a precautionary measure even though no evidence has been found that their information was obtained by the intruder. The intruder obtained incoming and outgoing emails from a provider’s account without the provider’s or the hospital’s knowledge. 

The security breach was discovered on October 8, 2012 following an upgrade in the hospital’s security software.  Based on the investigation, the intruder obtained emails from the provider’s account between March 11, 2012 and October 8, 2012.  Upon discovery of the breach, immediate steps were taken to prevent further access by the intruder to the affected email account.  Carolinas HealthCare System hired a forensic investigator and notified federal law enforcement of the incident. 

Based on information discovered through the investigation, most of the obtained emails did not contain patient information.  While only five emails contained social security numbers, a number did contain some medical and other patient information.  The emails appear to include one or more of the following: patient names, dates and times of service, provider and facility names, internal hospital medical record and account numbers, dates of birth, and treatment information, such as diagnosis, prognosis, medications, results and referrals.  Potentially affected patients have been sent personal letters explaining the type of information involved.

At this time, Carolinas HealthCare System has no evidence that the information has been misused, and based on the investigation, no other email accounts or other computer systems (including the electronic medical records system) were found to have been affected by this incident.   

 Carolinas HealthCare System has taken several measures to ensure this intrusion is contained and to prevent similar incidents from happening again, including implementing additional security safeguards to prevent unauthorized intrusions and continuing to actively monitor systems for unusual activity. The U.S. Department of Health and Human Services and the North Carolina Attorney General are being notified of the incident.

As a precautionary measure, Carolinas HealthCare System is offering affected patients free credit monitoring and insurance services through AllClear ID, a company that specializes in this area.  Patients with questions or who would like additional information can call 1-877-313-1404, or visit  Information about this incident is posted on the “News & Events” tab of the website.   Patients are also encouraged to regularly monitor their credit reports and may wish to place fraud alerts on their credit file and take other precautionary measures.  Additional information on how to protect against identity theft is located at and in the patient letters.

Reference Guide

We encourage you to review the following information about how to monitor and protect against unauthorized use of personal information:

Keep a Copy of the Letter.  We recommend you keep a copy of our notification letter and this reference guide in case you need it in the future.

Monitor Your Personal Health Information.  We recommend that you regularly review the explanation of benefits statement that you receive.  If you do not receive regular explanation of benefits statements, contact your provider or plan and request them.  You may want to order copies of your credit reports and check for any medical bills that you do not recognize.  If you find anything suspicious, call the credit reporting agency at the phone number on the report.  You may also want to request a copy of your medical records from CMC-Randolph.  If you see any service that you believe you did not receive or anything suspicious, please contact us immediately at 1-800-821-1535.

Order Your Free Credit Report.  You are entitled under U.S. law to one free credit report annually from each of the three national credit bureaus. To order your free annual credit report, visit, call toll-free at (877) 322-8228, or complete the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s (“FTC”) website at and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.  The three credit bureaus provide free annual credit reports only through the website, toll-free number or request form.

When you receive your credit reports, review them carefully. Look for accounts or creditor inquiries that you did not initiate or do not recognize. Look for information, such as home address and Social Security number, that is not accurate. If you see anything you do not understand or that is suspicious, call the credit reporting agency at the telephone number on the report immediately.  If you detect any unauthorized transactions in your financial account, you should also promptly notify your payment card company or financial institution.  You may also consider calling your local law enforcement and filing a police report. Even if you do not see any signs of fraud on your reports, we recommend you check your credit report periodically for the next year. 

Place a Fraud Alert on Your Credit File.  To protect yourself from possible identity theft, you should consider placing a fraud alert on your credit file.  A fraud alert helps protect you against the possibility of an identity thief opening new credit accounts in your name.  When a merchant checks the credit history of someone applying for credit, the merchant gets a notice that the applicant may be the victim of identity theft.  The alert notifies the merchant to take steps to verify the identity of the applicant.  You can place a fraud alert on your credit report by calling any one of the toll-free fraud numbers provided below.  You will reach an automated telephone system that allows you to flag your file with a fraud alert at all three credit bureaus.



P.O. Box 740241

Atlanta, Georgia 30374-0241




P.O. Box 9532

Allen, Texas 75013




Fraud Victim Assistance Division

P.O. Box 6790

Fullerton, California 92834-6790


You may also wish to consider credit freezes, also known as security freezes, so that no new credit can be opened without additional information from you.  Using a credit freeze may affect your ability to obtain credit, and there may be fees involved.  Please contact the credit bureaus for additional information about credit freezes.   

Contact the U.S. Federal Trade Commission.  If you detect any incident of identity theft or fraud, promptly report the incident to your local law enforcement authorities, your state Attorney General and the FTC.  If you believe your identity has been stolen, the FTC recommends that you take these additional steps:

  • Close the accounts that you have confirmed or believe have been tampered with or opened fraudulently. Use the FTC’s ID Theft Affidavit (available at when you dispute new unauthorized accounts.
  • File a local police report. Obtain a copy of the police report and submit it to your creditors and any others that may require proof of the identity theft crime.

You can contact the FTC to learn more about how to protect yourself from becoming a victim of identity theft: Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580, 1-877-IDTHEFT (438-4338)

For Residents of North Carolina. You may also obtain information about preventing and avoiding identity theft from the North Carolina Attorney General’s Office:  North Carolina Attorney General’s Office, Consumer Protection Division, 9001 Mail Service Center, Raleigh, N.C.  27699-9001, 1-877-5-NO-SCAM,