Christie Clinic Provides Notice of Data Event

17
Christie Clinic Provides Notice of Data Event-01

Christie Business Holdings Company, P.C. (“Christie Clinic”) is providing notice of a recent event that may affect the privacy of certain patient information.  In an abundance of caution, Christie Clinic is notifying potentially impacted individuals so that they may take additional steps to better protect their personal information, should they feel it is appropriate to do so. Christie Clinic does not have any evidence of identity theft or misuse of personal information as a result of this incident, however Christie Clinic takes this incident seriously, and this statement provides details of the incident, our response, and steps individuals may take to better protect against possible misuse of their information, should they feel it appropriate to do so.

Christie Clinic recently discovered suspicious activity related to one of its business email accounts. This event did not impact Christie Clinic’s computer systems, electronic medical record, MyChristie patient portal, or patient care. The suspicious activity was occurring with respect to only a single user email account. Christie Clinic promptly launched an internal investigation to determine the nature and scope of this incident, and contacted federal law enforcement and worked with them to mitigate the impact of the unauthorized access to the email account. Christie Clinic also engaged a leading data forensics firm, and on January 27, 2022, Christie Clinic’s investigation confirmed that there was an unauthorized access to the affected email account from July 14, 2021 to August 19, 2021. The investigation indicated that the purpose of the unauthorized access was to intercept a business transaction between Christie Clinic and a third-party vendor.  This investigation was unable to determine if email messages in the account were actually viewed or accessed by an unauthorized actor. As a result, Christie Clinic undertook a review to identify the full scope of information that could have been contained in the affected email account to determine whether protected information was potentially impacted. On March 10, 2022, Christie Clinic’s review determined that the impacted account MAY have contained certain information related to certain individuals. Christie Clinic’s analysis revealed that the types of information held by Christie Clinic and potentially in the affected email account MAY include name and: address, Social Security number, medical information, and health insurance information. On March 25, 2022, Christie Clinic provided written notice to all affected individuals whose information was identified in its review.

Also Read: Four Ways Organizations can Address Cloud Security Risks

Christie Clinic takes the confidentiality, privacy, and security of information in our care seriously. Upon discovery, Christie Clinic notified federal law enforcement, steps were taken to secure the impacted account and Christie Clinic immediately commenced an investigation to confirm the nature and scope of the incident.  Christie Clinic has taken steps to implement additional safeguards for Christie Clinic and its patients. Christie Clinic already employs industry-leading network security solutions and performs regular and ongoing data security and privacy training.

Christie Clinic encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits forms, and to monitor free credit reports for suspicious activity and to detect errors. Under U.S. law individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of their credit report, place a fraud alert, or a security freeze. Contact information for the credit bureaus is below.

Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file.  Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit.  If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the three major credit reporting bureaus listed below.

As an alternative to a fraud alert, consumers have the right to place a “credit freeze” on a credit report, which will prohibit a credit bureau from releasing information in the credit report without the consumer’s express authorization. The credit freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a credit freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a credit freeze on your credit report. To request a security freeze, you will need to provide the following information:

  1. Full name (including middle initial as well as Jr., Sr., II, III, etc.);
  2. Social Security number;
  3. Date of birth;
  4. Addresses for the prior two to five years;
  5. Proof of current address, such as a current utility bill or telephone bill;
  6. A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.); and
  7. A copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft if you are a victim of identity theft.

Should you wish to place a fraud alert or credit freeze, please contact the three major credit reporting bureaus listed below:

Equifax

Experian

TransUnion

1-800-685-1111

1-888-397-3742

1-800-680-7289

www.equifax.com

www.experian.com

www.transunion.com

P.O. Box 105069, Atlanta, GA, 30348,

P.O. Box 2002, Allen, TX 75013,

P.O. Box 2000, Chester, PA 19016

Potentially impacted individuals may also find information regarding identity theft, fraud alerts, security freezes and the steps they may take to protect their information by contacting the credit bureaus, the Federal Trade Commission or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should also be reported to law enforcement or the individual’s state Attorney General.

Christie Clinic wants to assure those who may be impacted that it takes the responsibility to safeguard protected health information very seriously. Christie Clinic deeply regrets any inconvenience or concern this incident may cause you. If you have any additional questions or concerns, please contact the Christie Clinic dedicated assistance line at (866) 915-5006 (toll free).

For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.