CLAREMONT, N.C., June 23, 2020 /PRNewswire/ -- Choice Health Management Services, LLC ("Choice Health Management Services") is providing notice on behalf of Universal Health Care / Blumenthal, Inc., Brian Center Nursing/St. Andrews, LLC, Catawba Valley Assisted Living, LLC, Universal Health Care/Lenoir, Inc., Litchford Falls Healthcare & Rehabilitation Center, Saturn Health, Inc., Universal Health Care/Brunswick, Inc., Universal Health Care/Concord, Inc., Universal Health Care/Fletcher, Inc., Universal Health Care/Fuquay-Varina, Inc., Universal Health Care/Greenville, Inc., Universal Health Care/King, Inc., Universal Health Care/Lillington, Inc., Universal Health Care/North Raleigh, Inc., Universal Health Care/Oxford, Inc., and Universal Health Care/Ramseur, Inc. of an incident that may affect the security of certain personal information relating to current and former residents or patients, employees, or other third-parties associated with these facilities. While Choice Health Management Services is unaware of actual misuse of the information notice is being provided to potentially affected individuals and certain federal regulators.
Choice Health Management Services provides IT, payroll, billing, and compliance functions for the above referenced independent living, assisted living, and skilled nursing facilities. In late 2019, Choice Health Management Services discovered suspicious activity in certain Choice Health Management Services employee email accounts. With the assistance of third-party forensic investigators, Choice Health Management Services launched an investigation into the nature and scope of this incident. On January 17, 2020, Choice Health Management Services confirmed that certain employee email accounts were subject to unauthorized access, but was unable to determine what, if any, individual emails or attachments within the accounts were subject to unauthorized access. With the assistance of a third-party firm, Choice Health Management Services then began a comprehensive and time-intensive review process of the email accounts subject to unauthorized access to determine what, if any, sensitive information they contained. On March 27, 2020, the review concluded, and Choice Health Management Services learned that personal health information was contained in certain email accounts. However, since the vendor was unable to link a large number of the individuals to the facility where the individuals sought treatment, Choice Health Management Services began a review of its internal records to determine this information so notice could be provided to the appropriate facility. On May 12, 2020, Choice Health Management Services completed its internal review and determined which individuals received care from a facility associated with Choice Health Management Services. On April 16, 2020 and again on May 22, 2020, Choice Health Management Services notified facilities about the event and requested permission to provide patients and residents with notice, which was subsequently granted.
The information potentially impacted by this event varied by individual but included first and last names and one or more of the following data elements: date of birth, Social Security number, driver's license number, passport number, credit card information, financial account information, employer identification number, username with password or associated security questions, email address with password or associated security questions, date of service, provider name, medical record number, patient number, medical information, diagnostic or treatment information, surgical information, medications, and/or health insurance information. Choice Health Management Services unaware of any actual misuse of personal information relating to this event, and is providing this notice in an abundance of caution.
On June 23, 2020, Choice Health Management Services began mailing notice letters to affected individuals for whom it has address information. The notice encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements credit reports, and explanation of benefits forms for suspicious activity and report any suspicious activity immediately to their insurance company, health care provider, or financial institution. Information on obtaining a free credit report annually from each of the three major credit reporting bureaus by visiting www.annualcreditreport.com, calling 877-322-8228, or contacting the three major credit bureaus directly at: Equifax, P.O. Box 105069, Atlanta, GA, 30348, 1-800-685-1111, www.equifax.com; Experian, P.O. Box 2002, Allen, TX 75013, 888-397-3742, www.experian.com; TransUnion, P.O. Box 2000, Chester, PA 19016, 800-680-7289, www.transunion.com. Potentially impacted individuals may also find information regarding identity theft, fraud alerts, security freezes and the steps they may take to protect their information by contacting the credit bureaus, the Federal Trade Commission or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should also be reported to law enforcement or the individual's state Attorney General. Choice Health Management Services, on behalf of its associated facilities, provided notice of this incident to the U.S. Department of Health and Human Services (HHS), as well as required state regulators.
Choice Health Management Services takes this incident and security of personal information in its care seriously. Upon learning of this incident, Choice Health Management Services blocked access to the email accounts, changed the users' account credentials, rebuilt computers to eradicate any potential virus or malware from the computer, and launched an in-depth investigation to determine the nature and scope of the incident. As part of Choice Heath Management Services' ongoing commitment to the privacy of personal information in its care, Choice Heath Management Services reviewed its privacy policies and procedures, and implemented additional safeguards to further secure the information in its systems.
Individuals seeking additional information regarding this incident can visit https://www.choice-health.net/ for additional information.
SOURCE Choice Health Management Services, LLC