Notification to Patients of Potential Security Breach
On September 4, 2017, Brevard Physician Associates was the victim of an early morning burglary and became aware of a potential breach of the personal health information of 7,976 patient records. Patients affected by this potential breach of personal health information have been sent letters via first class mail and via e-mail.
On Labor Day morning, September 4, 2017, our office received notification that our security alarm had been tripped. Police responded to the security alarm and cleared the building. Later that morning an employee discovered three computers missing from our office. Police were again dispatched to our office; a forensic investigation was conducted by the police and a police report was filed. Unfortunately, one of the three computers contained five audit files which when combined contained 7,976 patient records. The information contained on these audit files included: patient names; the names of patients’ insurance providers; the amount charged for the services provided; and the CPT codes of the services provided. Importantly, the information on these audit files did not include patient addresses, dates of birth, telephone numbers, social security numbers, insurance ID numbers, or financial information. We believe that the information contained on the stolen computers presents a minimal risk of future identity theft or financial fraud. All three computers were password protected with strong passwords. Additionally, all of the data from all three computers will be automatically deleted upon their connection to the internet.
Although we believe there is minimal exposure for harm to the affected patients, we recommend that they take immediate steps to protect themselves from any potential privacy and financial harm by:
- Registering a fraud alert with the three credit bureaus (listed below) and order credit reports (we have notified the three credit bureaus of the breach)
- Experian: (888) 397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
- Trans Union: (800) 680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
- Equifax: (800) 525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
- Monitoring their account statements, explanations of benefits, and credit bureau reports closely.
Brevard Physician Associates have taken these steps to protect its patients’, personal information from further harm or similar circumstances:
- All data from the stolen computers will be automatically wiped upon being connected to the internet;
- BPA filed a police report and the police have performed a forensic investigation of the crime scene;
- We have enhanced the security at our office and have put additional policies in place to ensure the office is appropriately secured in the future.
Brevard Physician Associates is offering affected patients 12-months of free credit monitoring service. To take advantage of this offer affected patients can visit enroll.allclearid.com or call the toll free hotline at 1-855-904-5754 Monday through Saturday from 8:00 a.m. to 8:00 p.m. CT Affected patients should note that the free credit monitoring is not automatic and affected patients must enroll to receive this service.
Patient privacy is very important to us and we will continue to do everything we can to correct this situation and help prevent incidents such as this from happening in the future.