Important Information

for Patients and Families

Important Notice for Patients Regarding
the Breach of Protected Health Information

Maintaining the safety of information about our patients is a top priority of Four Winds Saratoga.  In that regard, we are notifying you about a data security incident that occurred at Four Winds Westchester.  This incident may have impacted certain personal information of Four Winds Saratoga patients.  

What happened?  In September 2020, Four Winds Hospital Westchester was the victim of a ransomware attack that prevented it from accessing its computer systems.  They learned of the attack on September 1st and we were not able to access its computer networks for two weeks. 

How did Four Winds Westchester secure patient data?  They immediately notified NYS and federal law enforcement agencies which began an investigation of the incident and the cybercriminals behind it.   They quickly locked-out the cybercriminals from continuing to access its systems and engaged cybersecurity experts to assist them in responding to the attack.   They obtained evidence that the cybercriminals deleted any files in their possession, although that evidence cannot be independently verified.  Four Winds has taken steps to prevent a reoccurrence. 

What Four Winds Saratoga patient information was involved?  Four Winds Saratoga’s computer systems were NOT accessed and its patient medical record system was NOT accessed.   After the cybercriminal incident was resolved, a file-by-file search revealed that some data files on the Four Winds Westchester computer system contained personal information about Four Winds Saratoga patients.  That information included lists of patients from 1986 to 2019 by name, medical record number, DOB, admission and discharge date, and social security number if that number had been collected at the time of admission.  

What can you do?   To protect yourself from the possibility of identity theft, you can place a fraud alert on your credit files. A fraud alert conveys a special message to anyone requesting your credit report that you suspect you were a victim of fraud. When you or someone else attempts to open a credit account in your name, the lender should take measures to verify that you have authorized the request. A fraud alert should not stop you from using your existing credit cards or other accounts, but it may slow down your ability to get new credit. An initial fraud alert is valid for ninety (90) days. To place a fraud alert on your credit reports, contact one of the three major credit reporting agencies at the appropriate number listed below or via their website. One agency will notify the other two on your behalf. You will then receive letters from the agencies with instructions on how to obtain a free copy of your credit report from each of them.

• Equifax (888)766-0008 or
• Experian (888) 397-3742 or
• TransUnion (800) 680-7289 or

You may obtain a free copy of your credit report once every 12 months by visiting, calling toll-free 877-322-8228 or by completing an Annual Credit Request Form and mailing to:

Annual Credit Report Request Service
P.O. Box 1025281
Atlanta, GA 30348-5283

For more information on “identity theft” you can visit the following websites:

NYS Department of Consumer Protection:
NYS Attorney General:
Federal Trade Commission:

Please know that Four Winds is doing everything it can to protect the further breach of patient information.  If at any point you discover that your Protected Health Information has been used inappropriately, please notify us and we will work with you to make sure the proper authorities are involved.

We deeply regret that our sister hospital in Westchester was a victim of a ransomware attack and apologize for any concern or inconvenience you may experience from this notification.  If you have any questions about this incident please contact Michelle Blanchard, Privacy Officer,
at 1-914-763-8151, ext. 3312.    

Moira Morrissey
Chief Executive Officer