Notice of Data Privacy Event

ABOUT THE DATA PRIVACY EVENT

Catholic Charities Neighborhood Services, Inc. (“CCNS”) recently discovered an incident that may impact certain CCNS patient information. Since discovering the incident, we have been working, with the assistance of third-party forensic investigators, to determine the full nature and scope of the incident. We are also taking additional actions to strengthen the security of our email systems moving forward, as well as providing additional training to users on how to identify phishing scams.

FREQUENTLY ASKED QUESTIONS

What happened? On July 13, 2018, CCNS became aware of suspicious activity within an employee’s email account. Upon learning of this suspicious email activity, CCNS promptly launched an internal investigation, with the assistance of third-party forensic investigators. Through this investigation, CCNS learned that an employee had received a spam phishing email and inadvertently provided his/her email credentials to an unauthorized actor. As a result of this phishing attack, the unauthorized actor accessed the CCNS employee email account on July 3, 2018.

What information may have been affected by this incident? After conducting a comprehensive forensic investigation into the incident, on or about August 16, 2018, we confirmed that the impacted email account contained, and the unauthorized actor accessed, the following types of patient information: name, date of birth, Social Security number, Medicaid ID number, diagnosis information, medications, date of admission/discharge, and/or hospital name. CCNS does not currently have any evidence of actual or attempted misuse of the information impacted as a result of this incident.

How will I know if I am affected by this incident? With the assistance of a mail vendor, on September 7, 2018, CCNS began mailing notice letters to impacted patients.

What is CCNS doing in response to this incident? CCNS is notifying the impacted patients, and offering those affected complimentary access to credit monitoring and identity protection services. We are also taking additional actions to strengthen the security of our email systems, as well as providing additional training to users on how to identify phishing scams.

Whom should I contact for more information? CCNS set up a call center to answer questions from those who might be impacted by this incident. Anyone with additional questions about the incident, including whether you are affected, may contact the call center at (800) 939-4170 (toll-free), Monday through Friday, 9:00 a.m. to 8:00 p.m. EDT.

What can I do to protect my information?

Monitor Your Accounts.

Credit Reports. We encourage impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor their credit reports and explanation of benefits forms for suspicious activity. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.

Security Freeze. You have the right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. Should you wish to place a security freeze, please contact the major consumer reporting agencies listed below:

Experian
PO Box 9554
Allen, TX 75013
1-888-397-3742
www.experian.com/freeze/center.html
TransUnion
P.O. Box 2000
Chester, PA 19016
1-800-909-8872
www.transunion.com/credit-freeze
Equifax
PO Box 105788
Atlanta, GA 30348-5788
1-800-685-1111
www.equifax.com/personal/credit-report-services

Fraud Alerts. As an alternative to a security freeze, you have the right to place an initial or extended “fraud alert” on your file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the agencies listed below:

Experian
P.O. Box 2002
Allen, TX 75013
1-888-397-3742
www.experian.com/fraud/center.html
TransUnion
P.O. Box 2000
Chester, PA 19016
1-800-680-7289
www.transunion.com/fraud-victim-resource/place-fraud-alert
Equifax
P.O. Box 105069
Atlanta, GA 30348
1-888-766-0008
www.equifax.com/personal/credit-report-services

Additional Information.

Instances of known or suspected identity theft should be reported to law enforcement and the Federal Trade Commission. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov;
1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission encourages those who discover that their information has been misused to file a complaint with them.

Back to top