On May 22, 2017, Vision Care Specialists, Inc. (“VCS”) learned that on or about May 20, 2017 the VCS administrative office was burglarized. Immediately upon learning of the burglary, VCS contacted law enforcement who investigated the incident. VCS assessed the items that were stolen during the burglary, and determined that certain paper records containing patient information had been stolen. VCS also hired a third-party forensic investigator to determine whether there was unauthorized access to any information stored in electronic format on the VCS systems. Through this investigation, VCS determined that there was no indication of unauthorized access to any sensitive data in electronic format as a result of the burglary. VCS is also taking steps to enhance security and prevent future incidents of this kind.
On or around July 5, 2017, VCS determined that one or more of the stolen paper records may have contained the following patient information: name, date of birth, Social Security number, medical information, diagnosis/medical conditions, health insurance account number, and/or financial information. While VCS’s investigation is ongoing, to date, VCS has no evidence of any actual or attempted misuse of information as a result of this incident.
VCS is mailing notice letters to individuals whose data was contained within the stolen paper records. VCS also is providing impacted individuals with access to one year of complimentary credit monitoring services. VCS encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor their credit reports and explanation of benefits forms for suspicious activity. VCS is providing impacted individuals with contact information for the three major credit reporting agencies and advice on obtaining free credit reports, and placing fraud alerts and security freezes on their credit files. The relevant contact information is below:
|
Equifax P.O. Box 105069 Atlanta, GA 30348 800-525-6285 |
Experian P.O. Box 2002 Allen, TX 75013 888-397-3742 |
TransUnion P.O. Box 2000 Chester, PA 19106 800-680-7289 |
Potentially impacted individuals may also find information regarding identity theft, fraud alerts, security freezes and the steps they may take to protect their information by contacting the credit bureaus, the Federal Trade Commission or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261.
Individuals with questions can contact 800-859-0344 (toll-free) from Monday to Friday, 7:00 a.m. to 7:00 p.m. MT.
SOURCE: Vision Care Specialists
If they have “…no indication of unauthorized access…” then this is most likely reportable to HHS. If they have no audit logs, then they have “no indication of unauthorized access.”
If they have audit logs showing there was no compromise, then they should have “overwhelming evidence that no compromise occurred.”