Notice of Data Privacy Event

About the data privacy event

Alive Hospice recently discovered an event that may affect the security of some personal information. While, to date, we have no evidence that personal information potentially affected by this event has been misused, we are providing notice of the event so potentially affected individuals may take steps to better protect against possible misuse of information, should they feel it appropriate to do so.

Frequently asked questions

Q. What Happened?  On or around December 20, 2017, and April 5, 2018, Alive Hospice experienced email phishing events that affected an employee email account.  Alive Hospice immediately took steps to respond to and investigate these events and, while the investigations found no evidence of unauthorized access to personal information, Alive Hospice took steps to change the user’s password on both occasions in an abundance of caution. On or around May 15, 2018, during a review of its email system, Alive Hospice learned of ongoing unauthorized activity in the employee’s email account that may have resulted in unauthorized access to certain personal information. Alive Hospice immediately commenced an investigation to determine the nature and scope of the incident, as well as determine what information may be affected. Through the investigation, which included working with third party forensic investigators, Alive Hospice determined that an unauthorized actor(s) gained access to two Alive Hospice employee email accounts. The investigation determined the unauthorized activity began on or around December 20, 2017, for one user and on or around April 5, 2018, for the other user. 

Q. What Information Was Involved? While the information potentially affected varies by individual, Alive Hospice’s investigation determined that the information that may have been affected includes name, date of birth, Social Security number, passport number, driver’s license or state identification number, copy of birth or marriage certificate, financial account number, medical history information, treatment and prescription information, health insurance information, username/email and password information, biometric identifiers, IRS pin number, digital signatures, and security questions and answers. To date, Alive Hospice has no evidence that any information potentially impacted by this incident was subject to actual or attempted misuse.

Q. What Is Alive Hospice Doing to Respond?  The confidentiality, privacy, and security of information in Alive Hospice’s care is one of its highest priorities.  Upon learning that patient information may have been affected by this incident, Alive Hospice commenced an investigation to confirm the nature and scope of the event and identify what personal information may have been present in the affected emails. With the assistance of third party forensic investigators, Alive Hospice has been working to identify and put in place resources to assist potentially impacted individuals. While Alive Hospice already has stringent security measures in place to protect information in its systems, Alive Hospice is also implementing additional safeguards to protect the security of information.   

On July 13, 2018, Alive Hospice began mailing notice letters to individuals who may have been affected by this incident. Alive Hospice is offering potentially impacted individuals access to credit monitoring and identity restoration services for one year without charge. Alive Hospice has provided notice of this incident to the U.S. Department of Health and Human Services, as well as required state regulators. 

Q. What Can I Do to Protect My Information? 

Monitor Your Accounts 

Credit Reports.  We encourage potentially affected individuals to remain vigilant against incidents of identity theft and fraud by reviewing account statements and monitoring their free credit reports and explanation of benefits forms for suspicious activity. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.

Fraud Alerts.  At no charge, you can also have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it may also delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below:

Equifax
P.O. Box 105069
Atlanta, GA 30348

800-525-6285

www.equifax.com

Experian
P.O. Box 2002
Allen, TX 75013

888-397-3742

www.experian.com

TransUnion
P.O. Box 2000
Chester, PA 19106

800-680-7289

www.transunion.com

Security Freeze.  You may also place a security freeze on your credit reports. A security freeze prohibits a credit bureau from releasing any information from a consumer’s credit report without the consumer’s written authorization. However, please be advised that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit mortgages, employment, housing, or other services. If you have been a victim of identity theft and you provide the credit bureau with a valid police report, it cannot charge you to place, lift, or remove a security freeze. In all other cases, a credit bureau may charge you a fee to place, temporarily lift, or permanently remove a security freeze.  Fees vary based on where you live, but commonly range from $3 to $15. You will need to place a security freeze separately with each of the three major credit bureaus listed above if you wish to place a freeze on all of your credit files. In order to request a security freeze, you will need to supply your full name, address, date of birth, Social Security number, current address, all addresses for up to five previous years, email address, a copy of your state identification card or driver’s license, and a copy of a utility bill, bank or insurance statement, or other statement proving residence. To find out more on how to place a security freeze, you can use the following contact information:

Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348

1-800-685-1111

https://www.freeze.equifax.com

Experian Security Freeze
P.O. Box 9554
Allen, TX 75013

1-888-397-3742

www.experian.com/freeze/ 

TransUnion
P.O. Box 2000
Chester, PA 19016

1-888-909-8872

www.transunion.com/credit-freeze/place-credit-freeze

Additional Information. You can further educate yourself regarding identity theft, security freezes, fraud alerts, and the steps you can take to protect yourself against identity theft and fraud by contacting the Federal Trade Commission or your state Attorney General, as well as the credit reporting agencies listed above. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission encourages those who discover that their information has been misused to file a complaint with them. Instances of known or suspected identity theft should be reported to law enforcement, the Federal Trade Commission, and your state Attorney General.

Q. Where Can I Go to Get More Information? Alive Hospice has set up a dedicated assistance line to answer questions regarding this incident. The dedicated assistance line may be reached at 888-998-7768.