HIPAA WEBSITE SUBSTITUTE NOTICE
Elitecare Emergency Hospital
Your personal information may have been involved in a data incident. If you would like to receive a version of this letter in Spanish, please call (281)-589-0810.
Notice of Data Breach (September 16, 2024)
This notice is from Elitecare Emergency Hospital, formerly known as Elitecare Emergency Room (“Elitecare,” “we,” “our”), about a recent cybersecurity incident. This incident involved the unauthorized access to personal information and/or protected health information (collectively “PHI”) in our network.
We are posting this substitute notice to provide customers and individuals with information about the criminal cyberattack on our systems and to share resources available to people who believe their personal data may have been impacted.
Elitecare takes the privacy and security of your PHI very seriously, and our review of the incident is ongoing. Although we have not detected any attempted or actual misuse of your PHI, Elitecare is providing this notice to help you understand what happened, let you know that your information may have been impacted, and give you information on steps you can take to protect your privacy. We are also offering to provide you with two years of complimentary credit monitoring and identity theft protection services at no cost to you.
Elitecare mailed notices to affected individuals, for whom we have a sufficient address, on September 16, 2024. Please note, we may not have sufficient addresses for all affected individuals.
What happened?
Elitecare identified suspicious activity on its computer systems on July 10, 2024, and took immediate steps to stop the activity. Specifically, we disconnected and turned off systems to prevent further impact, retained an outside cybersecurity incident response team to augment our information technology company’s resources, began an investigation, and contacted federal law enforcement. On July 17, 2024, we determined the incident was a cybersecurity breach and worked with the incident response team to conduct a forensic analysis. The investigation confirmed that the intruder accessed PHI, but we have not identified evidence this incident spread beyond the original intruder.
What information was involved?
While Elitecare cannot confirm exactly what data was affected for each impacted individual, information involved for affected individuals may have included contact information (such as first and last name, address, date of birth, phone number, and email) and one or more of the following:
- Health insurance information (such as primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers);
- Health information (such as medical record numbers, providers, diagnoses, medicines, test results, images, care, and treatment);
- Billing, claims, and payment information (such as claim numbers, account numbers, billing codes, payments made, and balance due); and/or
- Other personal information such as Social Security numbers, driver’s licenses or state ID numbers.
The information that may have been involved will not be the same for every impacted individual and may vary further depending on whether your relationship with Elitecare was as a patient or as a guarantor.
What we are doing.
The safety, privacy, and security of our patients are our priorities. Elitecare, along with leading external industry experts, continues to monitor the internet and dark web for any indication that the affected personal information is being circulated. To date, we have seen no indications. Following the incident, Elitecare has reinforced its policies and implemented additional technological safeguards to reduce the risk of similar incidents in the future.
What you can do.
In addition to the steps taken by Elitecare, there are steps individuals can take to protect themselves:
- Any individual who believes their information may have been impacted by this incident can enroll in two years of complimentary credit monitoring and identity protection services. Elitecare is offering to pay for these services for two years.
- Individuals should be on the lookout and regularly monitor the explanation of benefits statements received from their health plan and statements from health care providers, as well as bank and credit card statements, credit reports, and tax returns, to check for any unfamiliar activity.
- If individuals notice any health care services they did not receive listed on an explanation of benefits statement, they should contact their health plan or doctor.
- If individuals notice any suspicious activity on bank or credit card statements or on tax returns, they should immediately contact their financial institution and/or credit card company or relevant agency.
- If an individual believes they are the victim of a crime, they can contact local law enforcement authorities and file a police report.
Individuals may have additional rights available to them depending on the state they live in and should refer to the Reference Guide for additional information.
For more information.
As Elitecare continues to work with leading industry experts to analyze data involved in this cyberattack, immediate support and robust protections are available to individuals who may be concerned about their information.
Elitecare regrets any inconvenience or concern caused by this incident and has established a dedicated call center to offer additional resources and information to people who believe they may have been affected by this incident. Individuals can visit https://response.idx.us/ERLC for more information and details on these resources or call the toll-free call center, which also includes trained agents to provide support services. The call center’s number is: (877) 225-2067, available Monday through Friday, 8 a.m. to 8 p.m. CT.
How to Enroll in IDX Credit and Identity Monitoring Services
We encourage you to contact IDX with any questions and to enroll in 24 months of free identity protection services by calling (877) 225-2067. The enrollment deadline is December 16, 2024.
Individuals must enroll for the available services to go into effect, and the monitoring included in the membership must be activated to be effective. Please note that credit monitoring services may not be available for individuals who have not established credit or an address in the United States (or its territories) and a valid Social Security number. Enrolling in this service will not affect your credit score. If you need assistance, IDX will be able to assist you.
Again, at this time, there is no evidence that your information has been misused. However, we encourage you to take full advantage of this service offering. IDX representatives have been fully versed on the incident and can answer questions or concerns you may have regarding protection of your personal information.
REFERENCE GUIDE
Review Your Account Statements
Carefully review statements sent to you from your healthcare providers, insurance company, and financial institutions to ensure that all of your account activity is valid. Report any questionable charges promptly to the provider or company with which you maintain the account.
Provide Any Updated Personal Information to Your Health Care Provider
Your health care provider’s office may ask to see a photo ID to verify your identity. Please bring a photo ID with you to every appointment if possible. Your provider’s office may also ask you to confirm your date of birth, address, telephone, and other pertinent information so that they can make sure that all of your information is up-to-date. Please be sure and tell your provider’s office when there are any changes to your information. Carefully reviewing this information with your provider’s office at each visit can help to avoid problems and to address them quickly should there be any discrepancies.
Order Your Free Credit Report
To order your free annual credit report, visit www.annualcreditreport.com, call toll-free at (877) 322-8228, or complete the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s (“FTC”) website at www.ftc.gov and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. The three credit bureaus provide free annual credit reports only through the website, toll-free number or request form.
Upon receiving your credit report, review it carefully. Look for accounts you did not open. Look in the “inquiries” section for names of creditors from whom you have not requested credit. Some companies bill under names other than their store or commercial names; the credit bureau will be able to tell if this is the case. Look in the “personal information” section for any inaccuracies in information (such as home address and Social Security Number).
If you see anything you do not understand, call the credit bureau at the number on the report. Errors may be a warning sign of possible identity theft. You should notify the credit bureaus of any inaccuracies in your report, whether due to error or fraud, as soon as possible so the information can be investigated and, if found to be in error, corrected. If there are accounts or charges you did not authorize, immediately notify the appropriate credit bureau by telephone and in writing. Information that cannot be explained should also be reported to your local police or sheriff’s office because it may signal criminal activity.
Contact the U.S. Federal Trade Commission
If you detect any unauthorized transactions in any of your financial accounts, promptly notify your payment card company or financial institution. If you detect any incidents of identity theft or fraud, promptly report the matter to your local law enforcement authorities, state Attorney General and the FTC.
You can contact the FTC to learn more about how to protect yourself from becoming a victim of identity theft by using the contact information below:
Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580
1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft/
Place a Fraud Alert on Your Credit File
To protect yourself from possible identity theft, consider placing a fraud alert on your credit file. A fraud alert helps protect against the possibility of an identity thief opening new credit accounts in your name. When a credit grantor checks the credit history of someone applying for credit, the credit grantor gets a notice that the applicant may be the victim of identity theft. The alert notifies the credit grantor to take steps to verify the identity of the applicant. You can place a fraud alert on your credit report by calling any one of the toll-free fraud numbers provided below. You will reach an automated telephone system that allows flagging of your file with a fraud alert at all three credit bureaus.
- Equifax, P.O. Box 105069, Atlanta, Georgia 30348, 1-888-766-0008, www.equifax.com
- Experian, P.O. Box 9554, Allen, Texas 75013, 1-888-397-3742, www.experian.com
- TransUnion, P.O. Box 2000, Chester, PA 19016, 1-800-680-7289, www.transunion.com
Security Freezes
You have the right to request a credit freeze from a consumer reporting agency, free of charge, so that no new credit can be opened in your name without the use of a PIN number that is issued to you when you initiate a freeze. A security freeze is designed to prevent potential credit grantors from accessing your credit report without your consent. If you place a security freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze. Therefore, using a security freeze may delay your ability to obtain credit.
Unlike a fraud alert, you must separately place a security freeze on your credit file at each credit bureau. To place a security freeze on your credit report, you must contact the credit reporting agency by phone, mail, or secure electronic means and provide proper identification of your identity. The following information must be included to request a security freeze (NOTE – if you are requesting a security freeze for your spouse, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue.
Below, please find relevant contact information for the three consumer reporting agencies:
- Equifax Security Freeze, P.O. Box 105788, Atlanta, GA 30348, 1-800-685-1111, www.equifax.com
- Experian Security Freeze, P.O. Box 9554, Allen, TX 75013, 1-888-397-3742, www.experian.com
- TransUnion, P.O. Box 160, Woodlyn, PA 19094, 1-888-909-8872, www.transunion.com
Once you have submitted your request, the credit reporting agency must place the security freeze no later than 1 business day after receiving a request by phone or secure electronic means, and no later than 3 business days after receiving a request by mail. No later than 5 business days after placing the security freeze, the credit reporting agency will send you confirmation and information on how you can remove the freeze in the future.
Additional information for residents of:
- District of Columbia: You may contact the D.C. Attorney General’s Office to obtain information about steps to take to avoid identity theft: D.C. Attorney General’s Office, Office of Consumer Protection, 400 6th Street, NW, Washington DC 20001, 1-202-442-9828, www.oag.dc.gov.
- Iowa: You may contact law enforcement or the Iowa Attorney General’s office to report suspected incidents of identity theft. The Iowa Attorney General’s Office can be reached at: Iowa Attorney General’s Office, Director of Consumer Protection Division, 1305 E. Walnut Street, Des Moines, IA 50319, 1-515-281-5926, www.iowattorneygeneral.gov.
- Maryland: You may also obtain information about preventing and avoiding identity theft from the Maryland Office of the Attorney General: Maryland Office of the Attorney General, Consumer Protection Division, 200 St. Paul Place, Baltimore, MD 21202, 1-888-743-0023, http://www.marylandattorneygeneral.gov/.