What Happened?
On November 14, 2019, we learned that an outside entity sent phishing emails to certain of our employees soliciting their login information to our email system. We immediately commenced an investigation and determined on February 24, 2020, that the entity appears to have been able to use employee credentials to gain unauthorized access from August 27, 2019 through February 14, 2020 to a small number of employee email accounts. We have terminated the unauthorized access to our employee emails accounts. The access was limited to information that was contained in emails of the impacted employees and did not extend to patient databases.
What Information Was Involved?
Our data review experts are continuing to analyze the impacted accounts to determine the types of information that may have been potentially exposed as a result of this incident. Once our data review experts complete their analysis, we will update this notice with a description of the types of information that may have been exposed. Our investigation has not found any evidence that this incident involves any unauthorized access to or use of any of MLHS’s information aside from the information contained within the accessed email accounts.
What We Are Doing?
We take the privacy of personal information seriously and deeply regret that this incident occurred. We took steps to address this incident promptly after it was discovered, including initiating an investigation into this incident and working with an independent forensic investigation firm to assist us in the investigation of and response to this incident. Additionally, we have reset all user account passwords and have implemented additional technology measures in order to help prevent this type of incident from reoccurring in the future. MLHS has also reported this incident to law enforcement and will continue to cooperate with any investigation.
What You Can Do?
Notification letters will be sent to potentially impacted individuals once our data review experts complete their analysis. The letters will include information about this incident and about steps that potentially impacted individuals can take to monitor and help protect their personal information. We will also establish a toll-free call center to answer questions about the incident and to address related concerns. In addition, as a precaution, we will offer complementary credit monitoring services to those individuals whose information was potentially impacted. We will update this notice once notification letters are sent and the toll-free call center is established.
We deeply regret any inconvenience or concern this incident may cause.
The following information is provided to help potentially affected individuals wanting more information about steps that they can take to protect themselves:
What steps can I take to protect my private information?
What should I do to protect myself from payment card/credit card fraud?
We suggest that you review your debit and credit card statements carefully in order to identify any unusual activity. If you see anything that you do not understand or that looks suspicious, you should contact the issuer of the debit or credit card immediately.
How do I obtain a copy of my credit report?
You can obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies once every twelve (12) months. To do so, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three agencies is included in the notification letter and is also listed at the bottom of this page.
How do I put a fraud alert on my account?
You may consider placing a fraud alert on your credit report. This fraud alert informs creditors of possible fraudulent activity within your report and requests that creditors contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact Equifax, Experian or TransUnion and follow the Fraud Victims instructions. To place a fraud alert on your credit accounts, contact your financial institution or credit provider. Contact information for the three nationwide credit reporting agencies as listed below.
Contact information for the three nationwide credit reporting agencies is as follows:
Equifax Security Freeze | Experian Security Freeze | TransUnion Security Freeze |
---|---|---|
PO Box 105788 | PO Box 9554 | PO Box 2000 |
Atlanta, GA 30348 | Allen, TX 75013 | Chester, PA 19022 |
1-800-685-1111 | 1-888-397-3742 | 1-800-888-4213 |
www.equifax.com | www.experian.com | www.transunion.com |
4834-7935-6343, v. 1