HACKENSACK, N.Y., July 23, 2019 /PRNewswire/ -- On May 24, 2019, RCCA MSO LLC ("RCCA MSO"), the management services entity for Regional Cancer Care Associates LLC ("RCCA") and RCCA MD LLC ("RCCA MD" and together with RCCA MSO and RCCA, the "RCCA Group") became aware of suspicious activity regarding an employee email account. RCCA MSO immediately began an investigation to confirm the security of its network and to determine the nature and scope of this event. With the assistance of third-party forensic investigators, on June 21, 2019, RCCA MSO learned that the RCCA Group was the victim of unauthorized access to several employee email accounts. The investigation confirmed that the employee mailboxes were subject to unauthorized access between April 17, 2019 and June 4, 2019. On July 16, 2019, the RCCA Group confirmed that certain personal information, including health information contained in the employee email accounts were potentially exposed. The RCCA Group is not aware of any evidence or indication of an attempted or actual access or misuse of any personal information as a result of this event.
On July 23, 2019 the RCCA Group began mailing notice letters to patients of the RCCA Group whose information was contained within the impacted accounts. The majority of information contained in the impacted email accounts included health information such as name, treatment, diagnosis, physician, health insurance information, patient number, and prescription information. For a small subset of the affected individuals, the information contained in the email accounts also included address, Social Security numbers, driver's license numbers, and payment card information. As part of its incident response, the RCCA Group immediately changed the log-in credentials for the affected accounts, scanned its email tenant for signs of compromise, and performed email message tracing. Since then, the RCCA Group has continued ongoing efforts to augment security controls and to implement additional controls, including multi-factor authentications, to further prevent employee email accounts from unauthorized access.
The RCCA Group encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor their credit reports and explanation of benefits forms for suspicious activity. As added precautions, the RCCA Group is offering credit/identity monitoring and identity restoration services to potentially impacted individuals, as well as contact information for the three major credit reporting agencies, and guidance on how to obtain free credit reports and how to place fraud alerts and security freezes on credit files.
The relevant contact information for the three major credit reporting agencies is below:
P.O. Box 105069
Atlanta, GA 30348
P.O. Box 2002
Allen, TX 75013
P.O. Box 2000
Chester, PA 19016
Potentially impacted individuals may also find information regarding identity theft, fraud alerts, security freezes and the steps they may take to protect their information by contacting the credit bureaus, the Federal Trade Commission or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261.
Additional information on how potentially impacted individuals can protect themselves can also be found at the RCCA Group's website https://www.regionalcancercare.org. Instances of known or suspected identity theft should also be reported to law enforcement or the individual's state Attorney General.
For Connecticut Residents, the Attorney General can be contacted at 55 Elm Street, Hartford, CT 06106, (860)-808-5318, https://portal.ct.gov/AG.
For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202, 1-888-743-0023, www.oag.state.md.us.
For New Jersey Residents: The New Jersey Attorney General can be contacted at 124 Halsey Street, Newark, NJ 07102, (609)-292-4925, www.nj.gov/oag/.
The RCCA Group remains committed to safeguarding patient information in its care, and will continue to take proactive steps to enhance data security across the RCCA Group.
SOURCE RCCA Group
These press releases may also interest you