Important Notice About a Data Breach Otolaryngology Associates
pOn February 17 2024 through alerts on its systems OA became aware that we were the victim of a criminal cyberattack OA discovered the attack within hours after it began and OAs vendor took immediate steps to try to stop the attack OA has had continuous access to its systems and was never locked out of its systemsppOn February 20 and 21 2024 the attacker sent three communications claiming to have stolen some of our data and threatening to release the stolen data publically We promptly took steps to further secure our information systems and investigate the incident including contacting the FBI and hiring a forensic cybersecurity response firm As a result of the investigation it was ultimately determined that the attacker did not view individual documents but ran programs to exfiltrate take some data from OA systemsppWhile the investigation narrowed down which data might have been taken it could not definitively determine which specific documents in that subset of data may have been taken As a result OA could not rule out the possibility that Protected Health Information PHI and personal information of OA patients and staff may have been compromised during the attackppThe hacker did not gain access to the OA medical records system For the vast majority of individuals the information impacted included billing records and did not include Social Security numbers or drivers license numbers This billing information included first and last name OA medical record number a code related to the services provided dates of service treating physician name appointment location dollar amount of charges and name of insurance company For some individuals potentially impacted information may have included Social Security number drivers license number address email address telephone number date of birth appointment schedules referral forms or insurance plan numbers For OA staff potentially impacted information could also have included bank account and payroll information OA has mailed notification letters to all potentially affected individuals and each letter will describe the type of information potentially impacted which is specific to the individualppOA takes the protection of information seriously In addition to engaging a cybersecurity response firm OA promptly took and continues to take other actions to further protect its patients staff and systems postincident including implementing additional security measures OA continues to monitor the situation closely OAs cybersecurity firm has been monitoring the dark web and at the time of this notification letter no evidence has been found of any OA documentsppWe encourage OA patients and staff to be vigilant in reviewing any types of financial account insurance statements and credit reports for fraudulent or irregular activity Some specific steps individuals can take to protect their personal data are available belowppIf you were only a patient of OA Facial Plastics none of your information was involved The attacker had no access to any OA Facial Plastics datappIf you have any questions or need assistance please call 866 5286375 between 900 AM to 630 PM EDT Monday through Friday excluding federal holidaysppUnder US law an individual is entitled to one free credit report annually from each of the three major credit reporting bureaus Equifax Experian and TransUnion To order your free credit report visit wwwannualcreditreportcom or call tollfree 18773228228 You may also directly contact the three major credit reporting bureaus listed below to request a free copy of your credit reportppIndividuals can place a Fraud Alert for one year at no cost Should you wish to place a fraud alert please contact any one of the three major credit reporting bureaus listed belowppIndividuals also have the right to place a credit freeze on a credit report which will prohibit a credit bureau from releasing information in the credit report without the consumers express authorization You may place a security freeze on your credit report by sending a request in writing by mail to all three nationwide credit reporting agencies listed belowppShould you wish to place a fraud alert or credit freeze please contact the three major credit reporting bureaus listed belowpphttpswwwequifaxcompersonalcreditreportservicespp18882980045ppEquifax Fraud Alert
PO Box 105069
Atlanta GA 303485069ppEquifax Credit Freeze
PO Box 105788
Atlanta GA 303485788pphttpswwwexperiancomhelppp18883973742ppExperian Fraud Alert
PO Box 9554
Allen TX 75013ppExperian Credit Freeze
PO Box 9554
Allen TX 75013pphttpswwwtransunioncomcredithelppp18333956938ppTransUnion Fraud Alert
PO Box 2000
Chester PA 19016ppTransUnion Credit Freeze
PO Box 160
Woodlyn PA 19094pp Otolaryngology Associates All Rights Reserved
Powered by AuDSEOp
PO Box 105069
Atlanta GA 303485069ppEquifax Credit Freeze
PO Box 105788
Atlanta GA 303485788pphttpswwwexperiancomhelppp18883973742ppExperian Fraud Alert
PO Box 9554
Allen TX 75013ppExperian Credit Freeze
PO Box 9554
Allen TX 75013pphttpswwwtransunioncomcredithelppp18333956938ppTransUnion Fraud Alert
PO Box 2000
Chester PA 19016ppTransUnion Credit Freeze
PO Box 160
Woodlyn PA 19094pp Otolaryngology Associates All Rights Reserved
Powered by AuDSEOp
