Data Breach Update: Medsurant Holdings, LLC | Console and Associates, PC
On September 30, 2021, Medsurant Holdings, LLC learned that an unauthorized party had gained access to certain patient data between September 23, 2021 and September 30, 2021. Although the information compromised varies by patient, it may include patient social security numbers. On November 29, 2021, Medsurant Holdings began sending data breach notification letters to everyone affected by the security breach.
If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about what you can do if your data has been stolen, see our previous blog post, “A Guide for Data Breach Victims”.
We have obtained a copy of the initial data breach letter issued by Medsurant Holdings, LLC:
Medsurant Holdings, LLC (“Medsurant”) is writing to inform you of a recent incident that may affect the security of certain of your information. Medsurant is the parent company of Advanced Medical Resources, LLC, American Intraoperative Monitoring, LLC, Bromedicon, LLC, Evokes, LLC, Medsurant, LLC, Physiologic Assessment Services, LLC, Sensory Testing Systems, LLC and Head & Spine Institute of Texas, LLC. Although we have no evidence of fraudulent use of information as a result of this incident, this notice provides information about the incident, our response, and the resources available to you to help protect your information from possible misuse, if you deem it necessary to do so.
What happened? On September 30, 2021, Medsurant received a suspicious email from an unknown actor who allegedly deleted data from the Medsurant environment. Since the unknown actor alleged the deletion of data from systems containing patient information, Medsurant worked quickly to investigate what happened and whether this incident resulted in unauthorized access or theft of patient information by unknown actor.
Medsurant conducted a thorough investigation to determine the nature and extent of the incident. The investigation determined that an unknown actor accessed our systems between September 23, 2021 and September 30, 2021, and that certain data was exfiltrated from our systems. Another brief, limited access period occurred on November 12, 2021, and some limited data was encrypted during this period but restored from internal sources. Medsurant conducted a review of the compromised data to identify the individuals whose information was impacted. Medsurant then worked to confirm the identities and contact details of those affected in order to provide notifications. On or about February 2, 2022, the review was completed.
What information has been affected. It has been determined that the following types of information were taken by the threat actor during this incident: full name, address, .
What we do. Medsurant takes this incident and the security of your information very seriously. Upon learning of this incident, we immediately took action to restore our operations and further secure our systems by implementing additional network monitoring and initiating a forensic review. As part of our ongoing commitment to the confidentiality of information entrusted to us, we are reviewing our existing policies and procedures and implementing additional administrative and technical safeguards to further secure the information in our systems. Medsurant has also notified federal law enforcement, the US Department of Health and Human Services, and other government regulators. While we are not aware of any fraudulent use of your information as a result of this incident, we are offering you access to 24 months of free credit monitoring and identity restoration services through Equifax.
What you can do. As a precaution, individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements, credit reports, and benefit explanations for unusual activity and for errors. We also encourage individuals to promptly report suspicious activity to your insurance company, health care provider or financial institution. Additional details can be found below in the steps you can take to help protect your information. You can also sign up for the free credit monitoring services described above. Registration instructions are attached to this letter.
For more information. If you have additional questions, you can call our dedicated toll-free support line at 855-964-4395, Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern Standard Time (excluding U.S. holidays) . You can also write to Medsurant at 100 Front Street, Suite 280, West Conshohocken, PA 19428.
We sincerely regret any inconvenience or concern this incident may cause.