Healthcare Resource Group, Inc. Provides Notice of a Data Breach for Additional Covered Entity

SPOKANE VALLEY, Wash., May 11, 2020 /PRNewswire/ — Healthcare Resource Group, Inc. (“HRG”) is providing notice on behalf of Orleans Community Health (“Orleans”) of an incident that may affect the security of certain personal information relating to current and former Orleans patients. This notice is regarding the same event which HRG provided notice of on April 7, 2020.  Since April 7, 2020, HRG received approval from Orleans to provide this notice on behalf of Orleans.  While, to date, HRG has no evidence of actual misuse of the information present in the account, in an abundance of caution, HRG is providing notice of this event.

HRG provided medical billing services to Orleans. On December 31, 2019, HRG determined that an HRG employee’s email account was subject to unauthorized access between November 4, 2019 and November 30, 2019. HRG was unable to determine what, if any, emails and attachments within the account were subject to unauthorized access.  HRG was only able to confirm that the email account was subject to unauthorized access.  HRG then enlisted the services of a third-party firm to review the contents of the email account in order to determine whether it contained any sensitive information. The time-intensive review of the email account concluded on February 27, 2020.  Through this review, HRG determined that certain patient records belonging to Orleans were present in the account at the time of the unauthorized access. HRG notified Orleans about the event on March 11, 2020.  At this time, HRG is unaware of any actual misuse of the personal information as a result of this event.

The information potentially impacted by this event varied by individual but included first and last names and one or more of the following data elements: Social Security number, driver’s license number, date of birth, medical record number, patient account number, treatment information, health insurance information, and medical billing or claims information.

On April 7, 2020, HRG began mailing notice letters to affected individuals for whom it has address information. On [date], HRG mailed notice letters to the patients who sought services from Orleans for whom it has address information after receiving approval from Orleans to do so.  The notice letter includes an offer of access to 12 months of credit monitoring and identity theft restoration services at no cost to the individual. In addition, the notice encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements credit reports, and explanation of benefits forms for suspicious activity and report any suspicious activity immediately to their insurance company, health care provider, or financial institution. Orleans is providing potentially impacted individuals information on obtaining a free credit report annually from each of the three major credit reporting bureaus by visiting www.annualcreditreport.com, calling 877-322-8228, or contacting the three major credit bureaus directly at: Equifax, P.O. Box 105069, Atlanta, GA, 30348, 1-800-685-1111, www.equifax.com; Experian, P.O. Box 2002, Allen, TX 75013, 888-397-3742, www.experian.com; TransUnion, P.O. Box 2000, Chester, PA 19016, 800-680-7289, www.transunion.com . Potentially impacted individuals may also find information regarding identity theft, fraud alerts, security freezes and the steps they may take to protect their information by contacting the credit bureaus, the Federal Trade Commission or their state Attorney General.  The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261.  Instances of known or suspected identity theft should also be reported to law enforcement or the individual’s state Attorney General.  HRG, on behalf of Orleans, provided notice of this incident to the U.S. Department of Health and Human Services (HHS), as well as required state regulators. 

HRG takes this incident and security of personal information in its care seriously. HRG moved quickly to investigate and respond to this incident, assess the security of relevant HRG systems, and notify potentially affected individuals. In response to this event, HRG is reviewed and enhanced existing policies and procedures. HRG reported this incident to law enforcement and relevant regulatory authorities.  HRG and Orleans are also notifying potentially impacted individuals so that they may take further steps to protect their information, should they feel it is appropriate to do so. 

Individuals seeking additional information regarding this incident can write to compliance@medinamemorial.org for additional information.

 

View original content:http://www.prnewswire.com/news-releases/healthcare-resource-group-inc-provides-notice-of-a-data-breach-for-additional-covered-entity-301056936.html

SOURCE Healthcare Resource Group, Inc.