Data Privacy Update: December 18, 2023

NOTICE OF DATA BREACH

The following contains important information about a recent breach by an unknown threat actor of an Erie Family Health Centers (“Erie”) employee’s email inbox that potentially impacted the personal information of certain Erie patients.

 

What Happened

On October 19, 2023, Erie learned that some patients’ personal information may have been compromised by an unknown threat actor illegally accessing one Erie employee’s email account. While Erie’s forensic investigation revealed no evidence that patient information was accessed by the threat actor, out of an abundance of caution, Erie wishes to inform potentially impacted patients about this incident. The breach occurred on October 1, 2023. Erie took steps to ensure that the threat actor could no longer access the employee’s email account and engaged experienced third-party security experts to assist with the incident response and to conduct dark web monitoring. The third-party vendor did not find any evidence that the threat actor viewed or utilized the personal information, nor did the vendor find evidence that the personal information was uploaded to the dark web.

 

What Information Was Involved

For patients who may have been impacted by the breach, the categories of impacted personal information may include your name, date of birth, medical record number, date of service, laboratory test tracking number, and insurance identification number. Erie would like to specifically note that electronic health records, patient charts, and lab test results were not accessible to the threat actor.

 

What We Are Doing

Erie is committed to patient privacy and is taking steps to notify potentially impacted individuals of this breach to ensure transparency. In order to help protect your information, we have taken the following steps: · Erie will cover the cost for one year for potentially impacted patients to receive credit monitoring from Norton LifeLock. To take advantage of this offer, please contact us at the number provided below; · Erie added additional computer security protections and protocols to ensure that your personal information is protected from unauthorized access; · Erie provided additional training to its workforce on security best practices and updated its response process for security alerts; · Erie notified the U.S. Department of Health and Human Services, Office for Civil Rights, of this incident, as well as the Illinois Attorney General; and · Notified the local media to ensure that all potentially impacted individuals are aware of the breach.

 

What You Can Do

While Erie is providing this notice describing the incident, we do not believe that any unauthorized person has either viewed or used patients’ information. To be on the safe side, potentially impacted patients should take normal precautionary steps to make sure no unauthorized person has wrongfully used your personal information, including checking their mail, email, phone calls, bank accounts and health insurance statements for any suspicious activity. Please note that you can obtain information on fraud alerts and security freezes from the following sources: · Experian: (888) 397-3742; www.experian.com; National Consumer Assistance, P.O. Box 9554, Allen, TX 75013 · TransUnion: (800) 680-7289; www.transunion.com; Fraud Victim Assistance Department, P.O. Box 2000, Chester, PA 19016-2000 · Equifax: (800) 525-6285; www.equifax.com; Fraud Victim Assistance Department, Consumer Fraud Division, P.O. Box 105788, Atlanta, GA 30348-5788 If a patient thinks that their personal information is being improperly used, they can also contact local law enforcement to file a police report. Finally, patients can contact the Federal Trade Commission (“FTC”) at 1-877-ID THEFT (877-438-4338) or review the information on identity theft promulgated by the FTC at www.ftc.gov/bcp/edu/microsites/idtheft/.

 

For More Information

If you have any additional questions about this incident, please contact us at 800-934-7208 or send an email to privacy@eriefamilyhealth.org.