MORGANTOWN, W.Va. – A letter from Mon Health System warned patients of a possible leak of personal information due to an email phishing incident within two affiliate hospitals.

According to the letter which was dated Dec. 21, Mon General Hospital in Morgantown and Stonewall Jackson Memorial Hospital in Weston were both affected. On Oct. 29, Mon Health determined that unauthorized access to emails and email attachments may have taken place in several Mon Health email accounts.

The letter stated that the system first became aware of the incident on July 28 after a payment issue was reported. Since then, Mon Health launched an investigation involving law enforcement and a third-party investigation firm. The investigation determined that “unauthorized individuals had gained access to a Mon Health contractor’s email account and sent emails from the account in an attempt to obtain funds from Mon Health through fraudulent wire transfers,” according to the letter.

The email accounts in question have been secured and the passwords have been changed. According to the letter, the investigation revealed that the incident was limited to emails and “did not involve Mon Health’s electronic health records systems,” and “did not disrupt the service or operations of Mon Health or its affiliated hospitals.”

The release stated that the incident may affect emails sent between May 10, and Aug. 15, 2021. Although the letter said that officials believe the purpose of the unauthorized access was to access Mon Health funds and “not to access personal information,” they warn that the following patient information that was in emails between those dates may have been accessed:

  • Name
  • Medical record number
  • Address
  • Date of birth
  • Patient account number
  • Health insurance plan member ID number
  • Dates of service
  • Provider names
  • Claims information
  • Medical and clinical treatment information
  • Status as a current or former Mon Health patient

The letter also said that in order to prevent future similar incidents, Mon Health is enhancing security protocols and practices including adding multi-factor authentication for remote email access.