ASAS Health continues to being committed to providing quality care, including protecting your personal, sensitive, and protected health information.
What Happened?
On March 9, 2023, ASAS Health became aware of suspicious activity within its network and discovered that there had been unauthorized access into the network. Upon discovering this unauthorized access, ASAS Health took immediate steps to ensure its network was secure, engaged the services of cyber security experts, and reported the incident to law enforcement agencies, including the Federal Bureau of Investigation. While we continue to investigate the incident, ASAS Health took multiple steps to lessen the possibility of harm arising from the incident including immediately implementing its cyber security incident protocols and engaging the services of cyber security experts. We cannot definitively determine whether and what information was actually accessed or subsequently compromised, however, in an abundance of caution, we are providing patient Notice.
What Information Was Involved?
We are not currently able to identify the specific information accessed or compromised, if at all. The general types of information that might have been involved include:
- Name
- Date of birth
- Address
- Phone number
- Email address
- Driver’s license number
- SSN
- Diagnosis
- Disability Code
- Medicare ID number
- Health Plan Carrier Information
- Financial information
What We Are Doing:
To protect you and other patients from future breaches of personal, sensitive, and protected health information, we continue to refine our security protocols and maintain a robust information security system. Additionally, resources and services available to impacted patients will be mailed. ASAS Health will also fully cooperate with any law enforcement investigation.
What You Can Do:
We strongly encourage you to take precautionary measures now to help prevent and detect any misuse of your personal, sensitive, and protected health information. Some recommended steps include:
- Be alert for “phishing” e-mails that appear to come from someone you know, including your health care provider. If you receive a suspicious information from ASAS Health regarding your personal, sensitive, or protected health information, please contact us immediately.
- Closely monitor any documents and information purported to be sent by ASAS Health or your health care provider. Contact ASAS Health if something looks suspicious or unfamiliar.
- Request a copy of your current medical records from each health care provider. Review them to make sure the information is familiar. Report any errors or suspicious information to your health care provider.
- Ask your health care providers to provide a list of all the times your medical information has been shared and the reasons for sharing. Review the list and report any errors or suspicious information to your health care provider.
- Monitor your financial accounts. If you see any unauthorized activity, promptly contact your financial institution. You should also report any fraudulent activity or any suspected incidents of identity theft to law enforcement.
- Request a free credit report. You can obtain a free credit report annually from each of three nationwide credit reporting agencies at AnnualCreditReport.com or by calling 1-877-322-8228. The site is supported by the three major credit reporting companies: Equifax, Experian, and TransUnion. Even if you do not see any suspicious activity now, the Federal Trade Commission recommends checking your credit reports periodically. Your personal information may be held for use or shared among a group at different times, so checking your credit reports periodically can help you quickly identify problems.
- Take steps recommended by the Federal Trade Commission (“FTC”) to protect yourself from identity theft. The FTC’s website offers helpful information at https://www.ftc.gov/news-events/topics/identity-theft.