Legal Notice Regarding ESHA Data Security Incident

health news

FORT WORTH, Texas, Nov. 22, 2024 /PRNewswire/ — ESHA, Inc (“ESHA”) provide certain revenue cycle management services to healthcare providers, including Aamir Zuberi, M.D. P.A., Acton Medical Clinic, Adil M Choudhary, M.D., P.A., Apex Wound Care, Benecia Williams, D.O., Farrukh Bhatti, Dr. Lan Le, Hanane Chichane, MD PA, ID Experts, PLLC, iMedicine & Primary Care Associates PLLC, Imran Patel, Johnna Jones, D.O., FACOS PA, Khalid Bazir, M.D., Lung & Sleep Specialists of North Texas, Medical Associates of North Texas, Meria Aulds, M.D., P.A., North Texas Lung & Sleep Clinic PA, The Lung Consultants LLC, Trinity Heritage, PLLC, Valor Interventional Pain LLC, Hayden Smith, Omar Selod, Austen Watkins, Gastroenterology Center PA, TCIDA Pharmacy, Texas Center Infectious Disease Association, and Premier Gastroenterology of Texas (collectively “the Facilities”).  ESHA recently identified and addressed a security incident that may have involved personal information and/or protected health information of the current, former or prospective residents and/or staff members of the Facilities.  ESHA began providing notice on November 15, 2024 to all individuals potentially impacted by this incident.  This notice describes the incident, outlines measures that ESHA has taken in response, and advises potentially impacted individuals on steps that they may take to further protect their information.  This notice constitutes substituted services for those clients whom ESHA does not have sufficient contact information to make individual notice as required under applicable law. 

On July 19, 2024, ESHA became aware of a data security incident, including ransomware, which impacted its server infrastructure and took its systems offline.  ESHA immediately undertook efforts to restore its servers and undertook additional affirmative steps to safeguard the security of data maintained on its systems.  ESHA also simultaneously retained a forensic investigation firm to determine the nature of the security compromise and identify any individuals whose information may have been compromised.

The forensic investigation determined that access to ESHA’s systems occurred on approximately July 13, 2024 through July 17, 2024.  The investigation also identified certain files that may have been accessed or acquired in connection with the incident.  In continuing its thorough investigation, ESHA undertook a comprehensive manual review process to review these files and identify the specific individuals with personal information and/or protected health information contained therein.  This comprehensive manual review process concluded on or about September 16, 2024.

As stated above, following the data security incident, ESHA immediately undertook all efforts to restore its servers, and also undertook additional affirmative steps to safeguard the security of data maintained on its systems.  ESHA retained a forensic investigation firm to thoroughly investigate the incident and are providing notification to all individuals whose personal and/or protected health information may have been accessed and/or acquired in connection with the incident in an abundance of caution.  ESHA has obtained confirmation to the best of its ability that the information is no longer in possession of the third party(ies) associated with this incident, and it is entirely possible that any specific personal and/or protected health information was not compromised as a result of the incident.  Nonetheless, ESHA has also offered to the impacted individuals access to complimentary credit monitoring. Please be advised that we are continuing to work closely with leading security experts to identify and implement measures to further strengthen the security of ESHA’s systems to help prevent this from happening in the future. 

Individuals who have received a notification or who believe that they may have potentially been impacted by this incident are invited to contact 888-458-5630 between the hours of 9:00am to 9:00pm EST, Monday through Friday.  ESHA and the Facilities understand the importance of protecting the protected health information and personal information maintained on its systems and deeply regrets any concern that this may have caused the potentially impacted individuals.   

Cision View original content:https://www.prnewswire.com/news-releases/legal-notice-regarding-esha-data-security-incident-302313317.html

SOURCE ESHA, Inc.