Data Breach Update: Capital Region Medical Center | Console and Associates, P.C. | #itsecurity | #infosec


On December 17, 2021 discovered an unauthorized party may have gained access to certain employees and patients’ personal, health, and financial information, including Social Security numbers. On March 25, 2022, Capital Region Medical Center began sending data breach notification letters to those individuals affected by the security breach.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. More about what you can do if your data was stolen is available in our prior blog post, “A Guide For Victims of a Data Breach”.

We have obtained a copy of the initial data breach letter issued by Capital Region Medical Center:

Dear [Consumer],

The purpose of this letter is to inform you about an incident that may have exposed your personal information to unauthorized persons.

WHAT HAPPENED

On Friday, December 17, 2021, Capital Region Medical Center (CRMC) experienced a disruption to our network systems. Immediately upon discovering the disruption, CRMC promptly disabled our network as a security measure, initiated an investigation into the incident, and a third-party cybersecurity firm was engaged to assist. Law enforcement was also notified, and on December 23, 2021, notice of the incident was provided to the public. The investigation concluded that an unauthorized third party gained access to files containing personal and health information.

WHAT INFORMATION WAS INVOLVED

While there is no indication that your electronic medical health record was accessed, CRMC has determined that personal and health information relating to CRMC employees was contained in files accessible to the unauthorized third party. Such information including first and last name, date of birth, full mailing address, medical information, health insurance information, Social Security numbers, and driver’s license numbers may have been accessed.

WHAT WE ARE DOING

While there is no evidence of any instances of fraud or identity theft as a result of this incident, out of an abundance of caution, CRMC is notifying you to provide additional information and resources to help protect your information. Because your Social Security number or driver’s license number was involved, CRMC is offering you one year of credit monitoring at no cost. We also recommend that you review any statements that you receive from your health care provider or health insurer. If you see any medical services that you did not receive, please call the provider or insurer immediately.

CRMC takes the privacy and confidentiality of the information it maintains seriously, and deeply regrets that this incident occurred. CRMC continues to evaluate its security practices, and will continue to identify opportunities to implement additional cybersecurity measures.

WHAT YOU CAN DO

Activate your complimentary credit monitoring – To help protect you from fraud or identity theft, we are offering a one-year membership to Experian’s® IdentityWorksSM at no cost. This product helps detect possible misuse of your personal information. To register, please:

Ensure that you enroll by: June 11, 2022 (Your code will not work after this date.)

Visit the Experian IdentityWorks website to enroll: www.experianidworks.com/3bcredit

Provide your activation code:

If you have questions or want an alternative to enrolling in Experian IdentityWorks online, please contact Experian at 877-288-8057 by June 11, 2022 and provide them engagement number B029089.

Remain vigilant – We encourage you to remain vigilant for fraud or identity theft by reviewing your account statements and free credit reports. You can access those reports by visiting www.annualcreditreport.com or calling 1-877-322-8228. If the report is incorrect, you should contact the appropriate consumer reporting agency—Equifax, Experian, or TransUnion.

Review your health statements – Review the statements you receive from your healthcare provider and health insurer. If you see any medical services that you did not receive, please call the provider or insurer immediately.

Consider placing a fraud alert or security freeze on your credit file – Consumer reporting agencies have tools you can use to protect your credit, including fraud alerts and security freezes.

Report suspicious activity – If you believe you are the victim of fraud or identity theft, file a police report and get a copy of the report to submit to your creditors and others who may require proof of a crime to clear up your records.

Equifax

P.O. Box 740241

Atlanta, GA 30374

1-866-349-5191

www.equifax.com

Experian

P.O. Box 9701

Allen, TX 75013

1-888-397-3742

www.experian.com

TransUnion

P.O. Box 2000

Chester, PA 19016

1-800-916-8800

www.transunion.com

Federal Trade Commission

600 Pennsylvania Ave. NW

Washington, DC 20580

(202) 326-2222

www.ftc.gov

FOR MORE INFORMATION

Protecting the privacy of your personal information is important to us, and we regret any inconvenience this incident may cause you. Please know that we are doing everything that we can to assist and guide you through this process. Should you have any questions or concerns, please contact us by calling our dedicated toll-free helpline at 855-618-3184, and one of our representatives will be happy to assist you. Thank you for your understanding and patience.



Original Source link

Leave a Reply

Your email address will not be published.

thirty six − = thirty two