NEW YORK, Nov. 1, 2019 /PRNewswire/ -- The Brooklyn Hospital Center (the "Hospital") is a full-service community teaching hospital located in Brooklyn, New York. The Hospital is providing notice of a recent data security incident that may affect the security of personal information in our care. We have no evidence of actual or attempted exfiltration of patient information related to this incident. However, we are unable to recover certain data related to specific patients, therefore, we are notifying patients regarding the data incident and steps we have taken since discovery of this event.
In late July 2019, the Hospital became aware of unusual activity relating to certain Hospital servers. The Hospital immediately commenced an investigation, which included working with a leading third-party forensic investigation firm, to determine the full nature and scope of the incident. Through this investigation, we determined that a malware that encrypted certain systems had disrupted the operation of certain Hospital systems; however, the investigation found no evidence that data was actually accessed or acquired by an unauthorized person(s). However, on September 4, 2019, the investigation confirmed that due to the malware, and despite exhaustive efforts by the Hospital to recover the data, certain patient data was unrecoverable. While recovery efforts are ongoing, based on this determination, the Hospital is undertaking a diligent review of the patient data that may be potentially impacted by this event and taking steps to notify those individuals whose records may no longer be available. To date, the Hospital are unaware of any actual or attempted access to or misuse of medical or personal information.
The unrecoverable information may include patient name and certain cardiac or dental images. As stated, there is no evidence to date of actual or attempted access to, acquisition of, or misuse of any medical or personal information related to this incident.
The privacy and security of information in its possession is one of the Hospital's highest priorities, and accordingly, the Hospital has strict security measures in place to protect information in its care. Upon learning of this incident, the Hospital quickly took steps to restore its systems and ensure the security of its network. Further, the Hospital is reviewing its policies and procedures relating to data security and taking steps to enhance existing security protocols.
Affected patients can review the notice letter they received, which contains information on what they can do to better protect their information, should they feel it is appropriate to do so. This information is also available on the Hospitals website at tbh.org/notice-data-event and below.
The Hospital sincerely regrets any inconvenience or concern this incident may have caused. Affected patients can call the dedicated assistance line established to answer questions about this incident at 1-855-946-0131, Monday through Friday, 9:00 a.m. to 6:30 p.m. ET for more information.
Steps to Protect Personal Information
Monitor Your Accounts
Again, the Hospital is unaware of, and a third-party investigation conducted by experts found no evidence that any actual access to personal data occurred as a result of this incident; however, the following steps can be taken to better protect personal information, should you feel it appropriate to do so. The Hospital encourages those who may be affected to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits, and to monitor credit reports for suspicious activity and to detect errors. Under U.S. law, adults are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report:
PO Box 9554
Allen, TX 75013
P.O. Box 2000
Chester, PA 19016
PO Box 105788
Atlanta, GA 30348-5788
You can further educate yourself regarding identity theft, credit fraud alerts, credit security freezes, and the steps you can take to protect yourself, by contacting the consumer reporting agencies, the Federal Trade Commission, or your state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement.
For New York residents, the Attorney General may be contacted at: Office of the Attorney General, The Capitol, Albany, NY 12224-0341; 1-800-771-7755; https://ag.ny.gov/.