PADUCAH, Ky., Dec. 20, 2021 /PRNewswire/ -- Southern Orthopaedic Associates d/b/a Orthopaedic Institute of Western Kentucky ("SOA") is providing notice of a recent event that may affect the privacy of certain patient and employee information. SOA provides orthopedic services to residents of western Kentucky and southern Illinois. Information about SOA and its locations can be found at https://oiwky.com. SOA is providing information about the event, SOA's response to it, and resources available to individuals to help protect their information, should they feel it necessary to do so.
What Happened? On or about July 7, 2021, SOA became aware of suspicious activity relating to an employee email account. SOA immediately launched an investigation to determine what may have happened. Working together with an outside computer forensics specialist, SOA determined that an unauthorized individual accessed several employee email accounts between June 24, 2021 and July 8, 2021. Because SOA was unable to determine which email messages in the accounts may have been viewed by the unauthorized actor, SOA reviewed the entire contents of the affected email accounts to identify what personal information was accessible.
What Information Was Involved? Although SOA cannot confirm whether your personal information was actually accessed, viewed, or acquired without permission, we are providing you this notification out of an abundance of caution, because such activity cannot be ruled out. While the impacted information varies for each individual, the scope of information potentially involved includes individuals': name, date of birth, Social Security number, driver's license number, passport number, financial account number and/or routing number, security code (CVV), payment card number, online account username and password, PIN or account login, medical billing/claims information, diagnosis, medical record number, Medicare/Medicaid identification, health information, health insurance information, and patient account number.
How Will Individuals Know If They Are Affected By This Incident? SOA is mailing notice letters to the individuals identified as impacted for whom they have a valid mailing address. If an individual did not receive a letter but would like to know if they are affected, they may call SOA's dedicated assistance line, detailed below.
What is SOA Doing? SOA has strict security measures to protect the information in its possession. Following this incident, SOA took steps to change all employee email account passwords and to secure the impacted accounts. SOA is currently implementing additional technical safeguards as well as training and education for employees to prevent similar future incidents.
What You Can Do. SOA encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits forms, and to monitor free credit reports for suspicious activity and to detect errors. Under U.S. law individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of their credit report, place a fraud alert, or a security freeze. Contact information for the credit bureaus is below.
Consumers have the right to place an initial or extended "fraud alert" on a credit file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer's credit file. Upon seeing a fraud alert display on a consumer's credit file, a business is required to take steps to verify the consumer's identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the three major credit reporting bureaus listed below.
As an alternative to a fraud alert, consumers have the right to place a "credit freeze" on a credit report, which will prohibit a credit bureau from releasing information in the credit report without the consumer's express authorization. The credit freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a credit freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a credit freeze on your credit report. To request a security freeze, you will need to provide the following information:
- Full name (including middle initial as well as Jr., Sr., II, III, etc.);
- Social Security number;
- Date of birth;
- Addresses for the prior two to five years;
- Proof of current address, such as a current utility bill or telephone bill;
- A legible photocopy of a government-issued identification card (state driver's license or ID card, military identification, etc.); and
- A copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft if you are a victim of identity theft.
Should you wish to place a fraud alert or credit freeze, please contact the three major credit reporting bureaus listed below:
Equifax, P.O. Box 105069, Atlanta, GA, 30348, 1-800-685-1111, www.equifax.com; Experian, P.O. Box 2002, Allen, TX 75013, 888-397-3742, www.experian.com; TransUnion, P.O. Box 2000, Chester, PA 19016, 800-680-7289, www.transunion.com. Potentially impacted individuals may also find information regarding identity theft, fraud alerts, security freezes and the steps they may take to protect their information by contacting the credit bureaus, the Federal Trade Commission or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should also be reported to law enforcement or the individual's state Attorney General.
SOA wants to assure those who may be impacted that SOA takes the responsibility to safeguard protected health information very seriously. SOA deeply regrets any inconvenience or concern this incident may cause you. If you have any additional questions or concerns, please contact the SOA dedicated assistance line at (855) 414-6050 (toll free), Monday – Friday, 8 am to 10 pm Central Time, or Saturday and Sunday, 10 am to 7 pm Central Time. Please be prepared to provide the following engagement number: B021743.
View original content:
SOURCE Southern Orthopaedic Associates d/b/a Orthopaedic Institute of Western Kentucky / Mullen Coughlin LLC