DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

NY: Episcopal Health Services – Notice of Data Privacy Event

Posted on May 10, 2019 by Dissent

A press release issued today.

On September 18, 2018 Episcopal Health Services became aware of suspicious activity in employee email accounts. We immediately began an investigation to determine what happened and what information may have been affected. With the assistance of third-party forensic investigators, we determined that certain employee email accounts were subject to unauthorized access between August 28, 2018 and October 5, 2018. These email accounts were then reviewed to determine whether they contained any protected health or personal information.  On November 1, 2018, Episcopal Health Services determined that the accounts subject to unauthorized access contained protected health information of certain individuals. Episcopal Health Services is not aware of any reported attempted or actual misuse of any personal information as a result of this event. The types of information contained within the potentially impacted emails are: Social Security number, date of birth, financial account information, medical history information, prescription information, medical record number, treatment or diagnosis information, and health insurance information or policy number. The types of information varied by individual.

On November 15, 2018, Episcopal Health Services began mailing notice letters to individuals whose information was contained within the impacted accounts and for whom they had a postal address. Episcopal Health Services continued reviewing the contents of the impacted email accounts to determine whether they contained any protected information. On February 26, 2019, Episcopal Health Services determined that the additional accounts subject to unauthorized access contained protected information of certain individuals. However, the list of potentially affected individuals provided by the vendor did not include addresses for a large number of individuals and included many potential duplicates. Therefore, Episcopal Health Services was required to review its records to attempt to locate the missing addresses and remove potential duplicates. This process was completed on March 19, 2019. As a result of this continued review, Episcopal Health Services mailed a second round of notice letters to additional individuals whose information was determined to be contained within the impacted email accounts and for whom they had a postal address. Episcopal Health Services has offered potentially impacted individuals access to credit monitoring and identity theft protection services for one year without charge.

Episcopal Health Services encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor their credit reports and explanation of benefits forms for suspicious activity. Episcopal Health Services is providing potentially impacted individuals with contact information for the three major credit reporting agencies, as well as providing advice on how to obtain free credit reports and how to place fraud alerts and security freezes on their credit files. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. The relevant contact information is below:

Equifax

P.O. Box 105069

Atlanta, GA 30348

1-800-525-6285

www.equifax.com

Experian

P.O. Box 2002

Allen, TX 75013

1-888-397-3742

www.experian.com

TransUnion

P.O. Box 2000

Chester, PA 19016

1-800-680-7289

www.transunion.com

Potentially impacted individuals may also find information regarding identity theft, fraud alerts, security freezes and the steps they may take to protect their information by contacting the credit bureaus, the Federal Trade Commission or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC  20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261.

Episcopal Health Services has set up a call center to answer questions from those who may have been impacted by this incident. The call center can be reached at 1-866-775-4209 (toll free), Monday through Friday, 9:00 a.m. to 6:00 p.m. ET

Additional information on how potentially impacted individuals can protect themselves can also be found at Episcopal Health Services’ website www.ehs.org. Instances of known or suspected identity theft should also be reported to law enforcement or the individual’s state Attorney General.

SOURCE Episcopal Health Services

Category: HackHealth DataU.S.

Post navigation

← NY: Gates Chili student arrested, charged with hacking into former superintendent’s email
TX: UMC Physicians Notifies Patients of Compromised Patient Data →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Trump Rewrites Cybersecurity Policy in Executive Order
  • AMI Group – Travel & Tours notice of ransomware attack
  • Resource: Insider Threat reports
  • Za: Cyber extortionist sentenced to eight years in jail
  • ICE takes steps to deport the Australian hacker known as “DR32”
  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.