Data Incident - Best Urologist in NYC | University Urology
Notice of Data Securitv Incident
www.universityurology.com - May 1, 20231 - University Urology ("UU") experienced a data security incident that may involve the personal and protected health information of some individuals it serves. UU takes the privacy and security of information in its possession very seriously and sincerely apologizes for any inconvenience this incident may cause. This notice is intended to alert potentially impacted individuals of the incident, steps we are taking in response, and resources available to assist and protect individuals.
What Happened: On or around February 1, 2023, UU detected suspicious activity in its environment. In response, UU immediately engaged a law firm specializing in cybersecurity and data privacy to investigate further. Additionally, UU engaged third-party cybersecurity specialists to assist UU in its analysis of any unauthorized activity. The investigation, which concluded on March 3, 2023, revealed that an unauthorized actor gained access to personal health information stored in UU's system. Based on these findings, UU performed manual review of its patient list to identify all individuals impacted by this incident. On March 30, 2023, UU engaged a vendor to assist with mailing notice letters to all individuals, setting up a call center, and providing credit monitoring and identity theft protection services. At this time, UU is not aware of any individual's information that was misused
What Information Was Involved: While we have no reason to believe that information has been misused as a result of this incident, we are notifying individuals for purposes of full transparency. The information subject to unauthorized access varied by individual. Based on a review of the files, the unauthorized party may have had access to: first and last name, address, date of birth; username/email in combination with a password or security question/answer that would permit access; medical condition, medical treatment; medical test results; prescription information; health insurance policy number; subscriber identification number; health plan beneficiary numbers; billing/invoice. No social security number or financial account information was compromised in this incident.
What We Are Doing: UU is committed to ensuring the security and privacy of all personal information in its control, and is taking steps to prevent a similar incident from occurring in the future. Upon discovery of the Incident, UU moved quickly to investigate and respond to the Incident, and assessed the security of its systems. Specifically, UU deployed SentinelOne agents for 30 days which allowed the cybersecurity firm's security operations center (SOC) to monitor the environment 24/7 for indications of compromise and other malicious activity; reset all passwords; exported backup data of all critical systems; removed all unauthorized remote access tools; limited remote access to authorized personnel; deleted/removed all persistence mechanisms; banned any identified malicious files from the environment.
Although UU is not aware of any actual or attempted misuse of the affected personal information, UU has offered twelve to twenty-four months of complimentary credit monitoring and identity theft restoration services to all individuals whose personally health information may have been impacted to help protect their identity.
What You Can Do: UU encourages all individuals to remain vigilant against incidents of identity theft and fraud, to review their account statements, and to monitor their credit reports for suspicious or unauthorized activity. Additionally, individuals should contact their financial institution and all major credit bureaus to inform them of the incident and then take whatever steps are recommended by these institutions, which may include placing of a fraud alert on the individual's account.
www.universityurology.com - May 1, 20231 - University Urology ("UU") experienced a data security incident that may involve the personal and protected health information of some individuals it serves. UU takes the privacy and security of information in its possession very seriously and sincerely apologizes for any inconvenience this incident may cause. This notice is intended to alert potentially impacted individuals of the incident, steps we are taking in response, and resources available to assist and protect individuals.
What Happened: On or around February 1, 2023, UU detected suspicious activity in its environment. In response, UU immediately engaged a law firm specializing in cybersecurity and data privacy to investigate further. Additionally, UU engaged third-party cybersecurity specialists to assist UU in its analysis of any unauthorized activity. The investigation, which concluded on March 3, 2023, revealed that an unauthorized actor gained access to personal health information stored in UU's system. Based on these findings, UU performed manual review of its patient list to identify all individuals impacted by this incident. On March 30, 2023, UU engaged a vendor to assist with mailing notice letters to all individuals, setting up a call center, and providing credit monitoring and identity theft protection services. At this time, UU is not aware of any individual's information that was misused
What Information Was Involved: While we have no reason to believe that information has been misused as a result of this incident, we are notifying individuals for purposes of full transparency. The information subject to unauthorized access varied by individual. Based on a review of the files, the unauthorized party may have had access to: first and last name, address, date of birth; username/email in combination with a password or security question/answer that would permit access; medical condition, medical treatment; medical test results; prescription information; health insurance policy number; subscriber identification number; health plan beneficiary numbers; billing/invoice. No social security number or financial account information was compromised in this incident.
What We Are Doing: UU is committed to ensuring the security and privacy of all personal information in its control, and is taking steps to prevent a similar incident from occurring in the future. Upon discovery of the Incident, UU moved quickly to investigate and respond to the Incident, and assessed the security of its systems. Specifically, UU deployed SentinelOne agents for 30 days which allowed the cybersecurity firm's security operations center (SOC) to monitor the environment 24/7 for indications of compromise and other malicious activity; reset all passwords; exported backup data of all critical systems; removed all unauthorized remote access tools; limited remote access to authorized personnel; deleted/removed all persistence mechanisms; banned any identified malicious files from the environment.
Although UU is not aware of any actual or attempted misuse of the affected personal information, UU has offered twelve to twenty-four months of complimentary credit monitoring and identity theft restoration services to all individuals whose personally health information may have been impacted to help protect their identity.
What You Can Do: UU encourages all individuals to remain vigilant against incidents of identity theft and fraud, to review their account statements, and to monitor their credit reports for suspicious or unauthorized activity. Additionally, individuals should contact their financial institution and all major credit bureaus to inform them of the incident and then take whatever steps are recommended by these institutions, which may include placing of a fraud alert on the individual's account.
