June 19, 2022
Website Notice of ECL Data Breach
Kernersville Eye Surgeons was notified that one of its third-party vendors, Eye Care Leaders (“ECL”), was the victim of cyber attack. We, like many other ophthalmology practices, use ECL’s ophthalmic electronic medical record (“EMR”) system and practice management software for the purposes of managing patient scheduling, registration, billing, and medical records. Based on information released by ECL, we want to share the following information about the attack, and how our patients’ information may have been affected:
- According to ECL, on or around December 4, 2021, an unauthorized party accessed their EMR system database hosted by Amazon Web Services and deleted certain databases and system configuration files.
- Notably, this incident did not involve unauthorized access to any of Kernersville Eye Surgeons’ computer systems.
- During the investigation, ECL was unable to confirm whether patient information maintained by Kernersville Eye Surgeons was accessed or acquired in an unauthorized manner during the incident, but also could not rule out the possibility.
- While ECL found no evidence that specific patient information was involved, it is possible that the following patient information could have been accessed or acquired by an unauthorized third party: first and last name, date of birth, medical record number, health insurance information, Social Security number, and information regarding care received at Kernersville Eye Surgeons.
While Kernersville Eye Surgeons is still in the process of considering the continued nature of our relationship with ECL, they have provided us with additional information regarding the security measures implemented to secure ECL’s systems and prevent future attacks. These improved security measures include, but are not limited to, strengthened network protections, improving server patching and data backup processes, and onboarding additional internal and third-party technical resources and monitoring personnel.
We also recommend our patients remain vigilant by reviewing account statements and monitoring free credit reports and promptly report any suspicious activity or suspected identity theft to law enforcement authorities. Please know that Kernersville Eye Surgeons will never solicit sensitive information from you via email or telephone.
We sincerely apologize for any concern or inconvenience this issue may cause and assure our patients that protecting patient information is of utmost importance to us. If you have any questions or need assistance, please call us at 1-866-979-1935 between the hours of 8:00 am and 5:00 pm (EDT) Monday through Friday.
*******
Anyone with concerns about their data should 1) monitor their credit reports, 2) obtain a fraud alert, and 3) place a security freeze on their credit.
How can I review my credit report?
Federal law requires credit reporting companies to give you a free credit report every 12 months if you request it. You can access your free credit report at www.annualcreditreport.com.
What is a fraud alert?
A fraud alert tells creditors to contact you personally before they open any new accounts.
How do I place a fraud alert on my account?
To place a fraud alert, you will need to contact any one of the three major credit bureaus (as soon as one credit bureau confirms your fraud alert, they will notify the others to place fraud alerts).
Equifax
P.O. Box 105069
Atlanta, GA 30348
https://www.equifax.com/personal/credit-report-services/credit-fraud-alerts/
1-800-525-6285
Experian
P.O. Box 2002
Allen, TX 75013
https://www.experian.com/fraud/center.html
1-888-397-3742
TransUnion
P.O. Box 2000
Chester, PA 19022
https://www.transunion.com/fraud-alerts
1-800-680-7289
How long does a fraud alert last?
An initial fraud alert lasts one year and it is free; you may then renew the fraud alert.
Will a fraud alert stop me from using my credit cards?
No. A fraud alert will not stop you from using your credit cards or other accounts.
Can I still apply for a credit card or loan after I place a fraud alert on my credit report?
Yes, but the verification process may be more cumbersome. Potential creditors will receive a message alerting them to the possibility of fraud and that creditors should re-verify the identity of a person applying for credit.
How do I place a Security Freeze on my credit files and how much does it cost?
If you are very concerned about becoming a victim of fraud or identity theft, you may request a “Security Freeze” be placed on your credit file, at no cost to you. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by sending a request in writing, by mail, to all three nationwide credit reporting companies. To find out more on how to place a security freeze, you can use the following contact information:
Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348
https://www.equifax.com/personal/credit-report-services/credit-fraud-alerts/
1-800-685-1111
Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
1-888-397-3742
TransUnion Security Freeze
P.O. Box 2000
Chester, PA 19016
http://www.transunion.com/securityfreeze
1-888-909-8872
To place the security freeze, you will need to provide your name, address, date of birth, Social Security number and other personal information. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.
How should patients report incidents of suspected or actual identity theft or fraud?
We encourage anyone who suspects identity theft or fraud to report the incident at www.identitytheft.gov, a federal resource for identity theft victims.
Recent Comments