SuperCare Health (“SuperCare”) has announced a data security incident involving personal information relating to its patients, patients/members of its partner organizations and others. We sent notification of this incident to potentially impacted individuals and have provided resources to assist them.
What Happened: On July 27, 2021, we discovered unauthorized activity on our systems. In response, we immediately began containment, mitigation, and restoration efforts to terminate the activity and to secure our network, systems, and data. In addition, we retained independent cybersecurity experts to conduct a forensic investigation into the incident and assist us in determining what happened.
The forensic investigation revealed that an unknown party had access to certain systems on our network from July 23, 2021 to July 27, 2021. Based on that information, we worked diligently to identify the potentially affected files and their contents. On February 4, 2022, we determined that the potentially impacted files contained some information relating to certain patients. Please note that to date, we have no reason to believe that any information was published, shared, or misused as a result of this incident.
What Information Was Involved: The data involved varies depending on the individual but may include: name, address, date of birth, hospital or medical group, patient account number, medical record number, health insurance information, testing/diagnostic/treatment information, other health-related information, and claim information. For a small subset of individuals, their Social Security number and/or driver’s license number may have been contained in the impacted files.
What We Are Doing: On March 25, 2022, we notified individuals whose information was involved in the incident. In addition, we implemented additional security measures to protect our digital environment and minimize the likelihood of future incidents. We also reported the incident to the Federal Bureau of Investigation and will cooperate to help identify and prosecute those responsible.
What You Can Do: As we have stated, we are not aware of any misuse of the impacted information. The notification letters that were sent to potentially affected individuals include resources and steps that they can take to protect their personal and protected health information. They are provided below as well.
The privacy and security of your information is a top priority for SuperCare Health. We take this incident very seriously and we regret any worry or inconvenience this may cause you.
For More Information: If you have any questions regarding the incident, please call 833-648-2050, Monday through Friday from 6:00 a.m. to 6:00 p.m. Pacific Time.
While SuperCare has no evidence of the misuse of any potentially affected individuals’ information, it is providing the following information to help those who want to know more about steps they can take to protect themselves and their personal information:
Steps You Can Take to Protect Your Personal Information
Review Your Account Statements and Notify Law Enforcement of Suspicious Activity: As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission (FTC).
Copy of Credit Report: You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting www.annualcreditreport.com/, calling toll-free 877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You also can contact one of the following three national credit reporting agencies:
P.O. Box 105851
Atlanta, GA 303481
P.O. Box 9532
Allen, TX 750131
P.O. Box 1000
Chester, PA 190161
Fraud Alert: You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free and will stay on your credit file for at least one year. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact any of the three credit reporting agencies identified above. Additional information is available at www.annualcreditreport.com.
Security Freeze: You have the right to put a security freeze on your credit file for up to one year at no cost. This will prevent new credit from being opened in your name without the use of a PIN number that is issued to you when you initiate the freeze. A security freeze is designed to prevent potential creditors from accessing your credit report without your consent. As a result, using a security freeze may interfere with or delay your ability to obtain credit. You must separately place a security freeze on your credit file with each credit reporting agency. In order to place a security freeze, you may be required to provide the consumer reporting agency with information that identifies you including your full name, Social Security number, date of birth, current and previous addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement or insurance statement.
Additional Free Resources: You can obtain information from the consumer reporting agencies, the FTC, or from your respective state Attorney General about fraud alerts, security freezes, and steps you can take toward preventing identity theft. You may report suspected identity theft to local law enforcement, including to the FTC or to the Attorney General in your state.
|Federal Trade Commission|
600 Pennsylvania Ave, NW
Washington, DC 20580
|Maryland Attorney General|
200 St. Paul Place
Baltimore, MD 21202
|New York Attorney General|
Bureau of Internet & Technology Resources
28 Liberty Street
New York, NY 10005
|North Carolina Attorney General|
9001 Mail Service Center
Raleigh, NC 27699
|Rhode Island Attorney General|
150 South Main Street
Providence, RI 02903
|Washington D.C. Attorney General|
441 4th Street, NW
Washington, DC 20001
You also have certain rights under the Fair Credit Reporting Act (FCRA): These rights include to know what is in your file; to dispute incomplete or inaccurate information; to have consumer reporting agencies correct or delete inaccurate, incomplete, or unverifiable information; as well as other rights. For more information about the FCRA, and your rights pursuant to the FCRA, please visit https://www.consumer.ftc.gov/articles/pdf-0096-fair-credit-reporting-act.pdf.