Substitute Public Notice of Data Breach
Dear PathGroup Patients:
We are providing this public notice as a part of our commitment to privacy and to make you aware of an incident involving the unauthorized disclosure of personally identifiable information that we discovered during one of our internal data security audits. We have extensive policies, procedures and employee training in place to prevent these types of situations, but unfortunately human error was at issue in this case.
What Happened? On December 7, 2016, as a part of our proactive information security testing and auditing procedures, we learned that a PathGroup employee improperly made 1,456 patients’ personal information accessible through the internet. The data was uploaded to the internet on January 29, 2016 and, as a result, became available for third party access. We have not received any report that anyone outside our organization has actually used the Patient’s information for an improper purpose. Upon discovery, we immediately removed the information from the internet. PathGroup has mailed notification letters to each of the individuals whose information was involved; however, several of these letters were returned to us with no forwarding address. Therefore, we are providing this additional Notice to alert our patients of this incident.
What Information Was Involved? For the 1456 patients involved, the following information was posted: Patient’s first and last name, date of birth, social security number, gender, payment guarantor relationship and name, service date, state of residency, amount charged and PathGroup’s record, invoice, and account numbers. No medical or clinical information was exposed.
What Are We Doing? We took this matter very seriously. We immediately had the information deleted from the internet. In order to help mitigate potential harm, we hired an experienced IT team to investigate this issue and determine the extent of the potential breach. We are also in the process of retraining employees regarding our stringent policies, and the employee who caused this situation is no longer with our company. We are also offering free credit monitoring services to those affected.
What Else Should You Do if You Believe You are Affected? Call the toll free number below to ask if your information was involved. If it was, apply for free credit monitoring and refer to the next page of this letter for additional steps you should take.
For More Information. Call toll free at 1-844-562-9630 between the hours of 9 a.m. – 9 p.m. EST Monday through Friday if you have any questions or are concerned that your information was involved. We sincerely apologize that this happened.
Louis D. Suttle, EVP Corporate Administration & Compliance
ACTIONS TO HELP REDUCE CHANCES OF IDENTITY THEFT
- REMAIN VIGILANT AND Place a 90-Day Fraud Alert on Your Credit file
An initial 90 day security alert indicates to anyone requesting your or the Patient’s credit file that you suspect you are a victim of fraud. When you or someone else attempts to open a credit account in your or the Patient’s name, increase the credit limit on an existing account, or obtain a new card on an existing account, the lender should takes steps to verify that you have authorized the request. If the creditor cannot verify this, the request should not be satisfied. You may contact one of the credit reporting companies below for assistance.
- PLACE A SECURITY FREEZE ON YOUR CREDIT FILE
If you are very concerned about becoming a victim of fraud or identity theft, a security freeze might be advisable. Placing a freeze on your and the Patient’s credit report will prevent lenders and others from accessing your credit report in connection with new credit application, which will prevent them from extending credit. A security freeze generally does not apply to circumstances in which you have an existing account relationship and a copy of your report is requested by your existing creditor or its agents or affiliates for certain types of account review, collection, fraud control or similar activities. With a Security Freeze in place, you will be required to take special steps when you wish to apply for any type of credit. This process is also completed through each of the credit reporting companies.
- Order Your Free Annual Credit Reports
Visit www.annualcreditreport.com or call 877-322-8228.
Once you receive your credit reports, review them for discrepancies. Identify any accounts you did not open or inquiries from creditors that you did not authorize. Verify all information is correct. If you have questions or notice incorrect information, contact the credit reporting company.
- MANAGE your personal information
Take steps such as: carrying only essential documents with you; being aware of whom you are sharing your personal information with and shredding receipts, statements, and other sensitive information.
- USE TOOLS FROM CREDIT PROVIDERS
Carefully review your credit reports and bank, credit card and other account statements. Be proactive and create alerts on credit cards and bank accounts to notify you of activity. If you discover unauthorized or suspicious activity on your credit report or by any other means, file an identity theft report with your local police and contact a credit reporting company.
- Obtain more INFORMATION about identity theft and ways to protect yourself
- Visit http://www.experian.com/credit-advice/topic-fraud-and-identity-theft.html for general information regarding protecting your identity.
- The Federal Trade Commission has an identity theft hotline: 877-438-4338; TTY: 1-866-653-4261 and provides information on-line at ftc.gov/idtheft