NOTICE OF DATA SECURITY INCIDENT

Florida Digestive Health Specialists (“FDHS”) recently learned about a data security incident that may have impacted your protected health information (“PHI”). Specifically, the incident in question may have resulted in the disclosure of your name and medical information. There is no evidence that any patient health information was actually accessed or downloaded. However, to keep our patients fully informed and protected we are notifying those who may have been impacted. At FDHS, we respect the privacy and security of all information within our control, and sincerely apologize for any concern this may cause you.

What happened?

On December 16, 2020, an employee noted suspicious activity within their FDHS email account that resulted in suspicious emails having been sent from their employee account. Several days later, on December 21, 2020, FDHS learned that FDHS company funds had been misrouted to an unknown bank account. FDHS immediately began an investigation to determine how the incident occurred, and what could be done to better protect our systems. The investigation found that a limited number of FDHS employee email accounts had been accessed by unauthorized users. FDHS investigated those email accounts to determine what information was found in those accounts, whether it constituted personal information, protected health information, or other confidential information, and to whom that information belonged.

This process took a considerable amount of time and only concluded on November 19, 2021.

What information was involved?

The categories of patient health information that may have been accessed include first and last names, address, date of birth, Social Security number, financial information, health insurance information, medical information, diagnosis, health insurance individual policy number, and Medicare/Medicaid information.

Was the electronic medical record system accessed?

No, our electronic medical record system (also known as an electronic health record system) was not accessed.

What are we doing?

To help reduce the risk of fraud or identity theft, we are offering complimentary credit monitoring and identity restoration services for twelve months, at no charge. IDX identity protection services include: 12 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services.

Additionally, in response to this incident, FDHS has taken steps to increase the security of its systems including, resetting passwords, enabling multi-factor authentication throughout our IT systems, deploying additional security controls, strengthening password protocols, and reconfiguring our firewall.

What can you do?

It is always a good idea to carefully monitor your bank account and other financial statements, and immediately contact your financial institution if you identify any suspicious activity. All individuals whose information may have been involved in this incident are being offered complimentary identity protection services through IDX for 12 months. We encourage you to contact IDX with any questions and, if your information was present in the impacted dataset, take full advantage of the IDX service offering.  To determine whether you were affected by this incident, please call 1-833-365-2604, Monday through Friday from 9 am – 9 pm Eastern Time.

For more information

If you have any questions or concerns, please call 1-833-365-2604, Monday through Friday from 9 am – 9 pm Eastern Time. Your trust is our top priority, and we deeply regret any inconvenience or concern that this matter may cause you. Individuals can also contact the Federal Trade Commission at 600 Pennsylvania Avenue NW, Washington, D.C. 20580, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261 or visit www.ftc.gov/idtheft/ for more information on protecting their identity.