San Juan, Puerto Rico—April 24, 2019— Inmediata Health Group, Corp. (“Inmediata”) recently became aware of a data security incident that may have involved the limited personal and medical information of some of its customers’ patients. We are directly mailing notification letters to the potentially impacted individuals to notify them they may have been affected and to provide resources to assist them.
In January 2019, Inmediata became aware that some electronic health information was viewable online due to a webpage setting that permitted search engines to index internal webpages that are used for business operations. Immediately after we became aware of the incident, we deactivated the website and engaged an independent digital forensics firm to assist with an investigation. Based on the current findings of the ongoing investigation, we have no evidence that any files were copied, or saved. In addition, to date we have not discovered any evidence to suggest that any information potentially involved in this incident has been subject to actual or attempted misuse.
Although Inmediata is unaware of the misuse of any involved information, out of an abundance of caution, we began mailing notification letters to the potentially affected individuals directly on April 22, 2019. The information potentially involved in this incident may include patients’ names, addresses, dates of birth, gender, and medical claim information. A very small group of the potentially impacted people may have Social Security numbers involved as well. The letters mailed to the affected individuals specifically state what data of theirs may have been impacted.
The notification letters also include information about the incident and steps potentially affected individuals can take to monitor and protect their personal information. We have a toll-free call center established to answer questions about the incident and related concerns. The call center is available Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time and can be reached at (833) 389-2392.
We take the security of all patient information very seriously and we are taking steps to prevent a similar incident from occurring in the future. We deeply regret any inconvenience or concern this incident may cause.
While we have no evidence of the misuse of any patient’s information, we are providing the following information to help those wanting to know more about steps they can take to protect themselves and their personal information:
What steps can I take to protect my personal information?
- Please notify your financial institution immediately if you detect any suspicious activity on any of your accounts, including unauthorized transactions or new accounts opened in our name that you do not recognize.. You should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities.
- You can request a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To do so, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting agencies is listed at the bottom of this page.
- You can take steps recommended by the Federal Trade Commission to protect yourself from identify theft. The FTC’s website offers helpful information at www.ftc.gov/idtheft.
- Additional information on what you can do to better protect yourself is included in your notification letter.
How do I obtain a copy of my credit report?
You can obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To order your credit report, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting agencies is included in the e-mail and letter, and is also listed at the bottom of this page:
How do I put a fraud alert on my account?
You may consider placing a fraud alert on your credit report. This fraud alert statement informs creditors to possible fraudulent activity within your report and requests that your creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact Equifax, Experian or TransUnion and follow the Fraud Victims instructions. To place a fraud alert on your credit accounts, contact your financial institution or credit provider. Contact information for the three nationwide credit reporting agencies is included in the letter and is also listed at the bottom of this page.
How do I put a security freeze on my credit reports?
You also have the right to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans and services from being approved in your name without your consent. To place a security freeze on your credit report, you need to make a request to each consumer reporting agency. You may make that request by certified mail, overnight mail, or regular stamped mail, or by following the instructions found at the websites listed below. The following information must be included when requesting a security freeze (note that if you are making a request for your spouse, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue. The consumer reporting agency may charge a small fee to place, lift, or remove a freeze, but is free if you are a victim of identity theft or the spouse of a victim of identity theft, and you submit a valid police report relating to the identity theft incident to the consumer reporting agency. You may obtain a security freeze by contacting any one or more of the following national consumer reporting agencies:
Equifax Security Freeze
Experian Security Freeze
What should I do if my family member is deceased?
You may choose to notify the three major credit bureaus, Equifax, Experian and Trans Union, and request they flag the deceased credit file. This will prevent the credit file information from being used to open credit. To make this request, mail a copy of your family member’s death certificate to each company at the addresses below.
Equifax Information Services LLC
Office of Consumer Affairs
P.O. Box 105169,
Atlanta, GA 30348
Experian Information Services
P.O. Box 9530
Allen, TX 75013
Trans Union Information Services
P.O. Box 1000
Chester, PA 19022
Are their steps I can take to protect my minor child’s personal information?
You can request that each of the three national credit reporting agencies perform a manual search for a minor’s Social Security number to determine if there is an associated credit report. Copies of identifying information for the minor and parent/guardian may be required, including birth or adoption certificate, Social Security card and government issued identification card. If a credit report exists, you should request a copy of the report and immediately report any fraudulent accounts to the credit reporting agency. You can also report any misuse of minor’s information to the FTC at https://www.identitytheft.gov/. For more information about Child Identity Theft and instructions for requesting a manual Social Security number search, visit the FTC website: https://www.consumer.ftc.gov/articles/0040-child-identity-theft.