Capital Digestive Care Notifies Patients, Website Users of Data Security Incident
SILVER SPRING, MD – April 23, 2018 – Capital Digestive Care (“CDC”) has become aware of a data security incident that may have involved the limited protected health information of its patients and other individuals visiting its website. Although at this time there is no evidence of any attempted or actual misuse of anyone’s information as a result of this incident, we have taken steps to notify all potentially impacted individuals, and to provide resources to assist them.
On February 23, 2018, we were notified that a third-party vendor stored data files on a commercial cloud server without adequate security, which were discovered by an individual who informed us of the incident. We immediately notified the vendor, who took steps to secure the data files and conducted an investigation to determine what information may have been accessible. As a result of this investigation, it was determined that the information was limited to the “Schedule a Visit” and “Contact” pages on our website containing personal information that was submitted, including names, addresses, telephone numbers, email addresses, dates of birth, and possible health information. The patient “Portal Login” and the “Pay a Bill” pages were not affected and remain secure. No Electronic Medical Records, Social Security numbers, financial account or payment transaction information were involved in this incident.
We take the security of all information in our control very seriously, and want to assure everyone that we have taken steps to prevent a similar event from occurring in the future. This includes requiring third- party vendors to confirm Health Insurance Portability and Accountability Act (“HIPAA”) compliance in the secure storage of all personal data.
We mailed letters to individuals potentially impacted by this event which includes steps they can take to monitor and protect their personal information. We have also established a toll-free call center to answer questions about the incident and related concerns. The call center is available Monday through Friday from 9:00 a.m. to 9:00 p.m., Eastern Time and can be reached at 855-540-5612. In addition, out of an abundance of caution, we are offering identity theft restoration services through TransUnion to potentially impacted individuals at no cost.
The privacy and protection of patient and personal information is a top priority, and we deeply regret any inconvenience or concern this incident may cause.
The following information is provided to help individuals wanting more information on steps they can take to protect themselves:
How do I obtain a copy of my credit report?
You can obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To order your credit report, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting agencies is included in the e-mail and letter, and is also listed at the bottom of this page.
How do I put a fraud alert on my account?
You may consider placing a fraud alert on your credit report. This fraud alert statement informs creditors to possible fraudulent activity within your report and requests that your creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact Equifax, Experian or TransUnion and follow the Fraud Victims instructions. To place a fraud alert on your credit accounts, contact your financial institution or credit provider. Contact information for the three nationwide credit reporting agencies is included in the letter and is also listed at the bottom of this page.
Contact information for the three nationwide credit reporting agencies is as follows:
Equifax Security Freeze
PO Box 105788 Atlanta, GA 30348
Experian Security Freeze
PO Box 9554 Allen, TX 75013
PO Box 2000 Chester, PA 19022