WSOC reports:
Patients’ Social Security numbers, dates of birth and names were all handed over to fraud suspects by a Carolina Digestive Health Associates employee.
In their search warrant, police said she admitted to sharing around 100 people’s personal information to fraud suspects.
She also agreed to let detectives check her phone, and the warrant said they saw several pictures of personal information including names, dates of birth and Social Security numbers of patients.
Read more on WSOC.
Carolina Digestive Health Associates issued the following statement:
CHARLOTTE, NC—April 17, 2018—Carolina Digestive Health Associates (“CDHA”) has become aware of a data security incident that may have involved the personal information of some of its patients. CDHA will be sending notification letters to the potentially involved patients to notify them of this incident and to provide resources to assist them.
On January 10, 2018, CDHA was contacted by the Charlotte-Mecklenburg Police Department and told the police had discovered that a CDHA employee had stolen personal information belonging to some patients. The involved employee has been terminated and CDHA is continuing to cooperate with the police investigation. In addition, CDHA has conducted its own investigation to identify any other patient records the employee may have accessed and what information was contained in those records.
Law enforcement asked CDHA to delay notification to affected patients while they investigated the situation and the employee involved. Notification letters will be sent to all affected patients via U.S. mail and will include information about the incident and steps potentially affected patients can take to monitor and protect their personal information. CDHA has established a toll-free call center to answer questions about the incident and to address related concerns. The call center we be available beginning Wednesday, April 18 at 2:00 p.m. ET, and thereafter, Monday through Friday from 8:00 A.M. to 5:00 P.M. EST at 888-284-9087. In addition, out of an abundance of caution, CDHA is offering identity protection services through ID Experts to potentially impacted individuals at no cost.
CDHA takes the security of all patient information very seriously and is taking steps to prevent a similar event from occurring in the future, including restricting employee access to patients’ sensitive information, and increasing the monitoring and auditing of access to patient records. CDHA deeply regrets any inconvenience or concern this incident may cause.
Their full statement can be found on their web site.