At the end of January 2024, Allina Health was alerted to a concern involving a former Allina Health employee and began an investigation. On March 7, 2024, we determined that while employed by Allina Health, this individual inappropriately accessed certain health information of some patients.
It is important to note that this was not a cybersecurity attack.
While the information affected may vary by individual, Allina Health determined that the information affected may have included:
Allina Health is committed to protecting your privacy and understands that these types of events can cause concern. We recently implemented a more robust access monitoring system to audit employees' access to the electronic medical record and we continue to evaluate opportunities to enhance this system.
We cannot comment on potential legal matters.
We have sent communication to individuals whose information may have been involved.
Allina Health has notified those impacted by this incident. In addition, there is a link to the notice on AllinaHealth.org which will be in place for 90 days and a news release was sent out to relevant media outlets.
Allina Health notified the federal Office for Civil Rights of this incident.
We are providing those individuals impacted a complimentary two-year membership of credit monitoring/identity protection services. Information about enrolling for these services can be found in the notification letter.
We recommend that you regularly review the explanation of benefits provided by your health care insurer, credit card statements, and bank accounts for suspicious activity. Any unusual service or charge should be reported to the appropriate financial institution, insurer, or health care program immediately. If you suspect that someone is using your personal information to obtain medical services or incur charges without your permission, please report this to the local police department immediately.
Patients who may have been impacted can call 888-387-9415888-387-9415 Monday – Friday from 8:00 AM to 6:00 PM (Central Time), beginning Monday, May 6, 2024.
You may file a complaint with the Allina Health Compliance and Privacy by writing to the following address:
Allina Health
Compliance and Privacy
Mail Route 10839
P.O. Box 43
Minneapolis, MN 55440-0043
If you would like to submit an additional complaint to the Office for Civil Rights you can submit your complaint on their website: (http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html), by email OCRComplaint@hhs.gov, or by mail:
Centralized Case Management Operations