In early March 2023, ASAS Health locations primarily in Edinburg and McAllen became aware of suspicious activity within its data systems. The unauthorized access was quickly caught prior to the destruction or deletion of any data or systems. Some patient data could have been viewed or copied. ASAS Health continues to work with a forensic investigator and other experts, including law enforcement officials, to evaluate the incident and identify impacted records that could include personal or sensitive information.

 

ASAS Health will notify all potentially impacted patients promptly via mail with more information and the next steps. ASAS Health took multiple steps to lessen the possibility of harm including immediately implementing its cyber security incident protocols and engaging the services of cyber security experts. ASAS Health will continue to comply with HIPAA and all other state and federal regulatory guidelines.

 

If you are a current or past patient of these clinics, you will receive a letter in the mail during the week of May 8th, 2023 providing you with information and next steps.

 

For more information or to ask questions about the incident and our commitment to protecting your information, you can call 1-800-984-8307.  For general information about your rights, you may contact ASAS’ HIPAA Privacy and Security Officer at report@yazjimd.com.

 

ASAS Health continues to being committed to providing quality care, including protecting your personal, sensitive, and protected health information.

 

What Happened?

On March 9, 2023, ASAS Health became aware of suspicious activity within its network and discovered that there had been unauthorized access into the network.  Upon discovering this unauthorized access, ASAS Health took immediate steps to ensure its network was secure, engaged the services of cyber security experts, and reported the incident to law enforcement agencies, including the Federal Bureau of Investigation. While we continue to investigate the incident, ASAS Health took multiple steps to lessen the possibility of harm arising from the incident including immediately implementing its cyber security incident protocols and engaging the services of cyber security experts. We cannot definitively determine whether and what information was actually accessed or subsequently compromised, however, in an abundance of caution, we are providing patient Notice.

 

What Information Was Involved?

We are not currently able to identify the specific information accessed or compromised, if at all.  The general types of information that might have been involved include:

 

  • Name
  • Date of birth
  • Address
  • Phone number
  • Email address
  • Driver’s license number
  • SSN
  • Diagnosis
  • Disability Code
  • Medicare ID number
  • Health Plan Carrier Information
  • Financial information

 

 

What We Are Doing:

To protect you and other patients from future breaches of personal, sensitive, and protected health information, we continue to refine our security protocols and maintain a robust information security system.  Additionally, resources and services available to impacted patients will be mailed.  ASAS Health will also fully cooperate with any law enforcement investigation.

 

What You Can Do:

We strongly encourage you to take precautionary measures now to help prevent and detect any misuse of your personal, sensitive, and protected health information.  Some recommended steps include:

 

  • Be alert for “phishing” e-mails that appear to come from someone you know, including your health care provider.  If you receive a suspicious information from ASAS Health regarding your personal, sensitive, or protected health information, please contact us immediately.
  • Closely monitor any documents and information purported to be sent by ASAS Health or your health care provider.  Contact ASAS Health if something looks suspicious or unfamiliar.
  • Request a copy of your current medical records from each health care provider.  Review them to make sure the information is familiar.  Report any errors or suspicious information to your health care provider.
  • Ask your health care providers to provide a list of all the times your medical information has been shared and the reasons for sharing.  Review the list and report any errors or suspicious information to your health care provider.
  • Monitor your financial accounts.  If you see any unauthorized activity, promptly contact your financial institution.  You should also report any fraudulent activity or any suspected incidents of identity theft to law enforcement.
  • Request a free credit report.  You can obtain a free credit report annually from each of three nationwide credit reporting agencies at AnnualCreditReport.com or by calling 1-877-322-8228.  The site is supported by the three major credit reporting companies: Equifax, Experian, and TransUnion.  Even if you do not see any suspicious activity now, the Federal Trade Commission recommends checking your credit reports periodically.  Your personal information may be held for use or shared among a group at different times, so checking your credit reports periodically can help you quickly identify problems.
  • Take steps recommended by the Federal Trade Commission (“FTC”) to protect yourself from identity theft.  The FTC’s website offers helpful information at https://www.ftc.gov/news-events/topics/identity-theft.