Milan Eye Center Notifies Affected Individuals of Vendor’s Information Security Incident

The privacy and security of personal information is of the utmost importance to Milan Eye Center. This notification provides important information regarding a security incident involving an external third-party vendor, iMedicWare, Inc., our former provider of electronic health record technology.

On December 9, 2022, we received a communication indicating that protected health information of our patients had been compromised and we immediately commenced an investigation. As a result of the investigation, which we recently completed, we determined on July 24, 2023, that an unauthorized individual obtained access to at least some historical patient archives of Milan Eye Center maintained by iMedicWare, Inc. between May 18, 2020 and July 23, 2020. The accessed records included the full name, date of birth, telephone number, insurance coverage information, social security number, location where services were provided, dates of service, and health status of certain of our patients. However, despite the best efforts of multiple cybersecurity experts who specialize in incidents like these, we were not able to determine the full extent of patient records accessed. As a result, we are taking the conservative step of notifying patients who received services on or before July 23, 2020 to the extent we have a last known home address.

To date, we are not aware of any reports of identity fraud or improper use of any information as a direct result of this incident. Out of an abundance of caution, we provided written notification of this incident commencing on or about August 23, 2023, to all those potentially impacted to the extent we had a last known home address. The notice letter specifies steps affected individuals may take in order to protect themselves, including enrolling in complimentary credit monitoring services, placing a fraud alert/security freeze on their credit files, obtaining free credit reports, remaining vigilant in reviewing financial account statements and credit reports for fraudulent or irregular activity, and taking steps to safeguard against medical identity theft.

We deeply regret that this incident occurred and, while none of our internal systems were compromised, we are committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it. We no longer use iMedicWare as our electronic health record vendor and we have also implemented a number of new measures, including additional technical safeguards and policies, to enhance the security of our own information systems. In addition, we continually evaluate and modify our practices and internal controls to protect the security and privacy of your personal information.

Individuals with questions concerning this incident may call a dedicated and confidential toll-free
response line that we have set up to respond to questions at 1-678-310-2490. The response line is
available Monday through Friday, 9:00am to 5:00pm, Eastern Time.

 

OTHER IMPORTANT INFORMATION

Placing a Fraud Alert on Your Credit File.
We recommend that you place an initial one-year “Fraud Alert” on your credit files, at no charge. A fraud alert tells creditors to contact you personally before they open any new accounts. To place a fraud alert, call any one of the three major credit bureaus at the numbers listed below. As soon as one credit bureau confirms your fraud alert, they will notify the others.

Equifax
P.O. Box 105069
Atlanta, GA 30348-5069

https://www.equifax.com/personal/credit- report-services/credit-fraud-alerts/

(800) 525-6285

Experian
P.O. Box 9554
Allen, TX 75013
https://www.experian.com/fraud/center.html
(888) 397-3742

TransUnion
Fraud Victim Assistance Department
P.O. Box 2000
Chester, PA 19016-2000
https://www.transunion.com/fraud-alerts
(800) 680-7289

Consider Placing a Security Freeze on Your Credit File.
If you are very concerned about becoming a victim of fraud or identity theft, you may request a “Security Freeze” be placed on your credit file, at no charge. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by contacting all three nationwide credit reporting companies at the numbers below and following the stated directions or by sending a request in writing, by mail, to all three credit reporting companies:

Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348-5788
https://www.equifax.com/personal/credit-report-services/credit-freeze/
(888)-298-0045

Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
http://experian.com/freeze
(888) 397-3742

TransUnion Security Freeze
P.O. Box 160
Woodlyn, PA 19094
https://www.transunion.com/credit-freeze
(888) 909-8872

In order to place the security freeze, you’ll need to supply your name, address, date of birth, Social Security number and other personal information. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.

If your personal information has been used to file a false tax return, to open an account or to attempt to open an account in your name or to commit fraud or other crimes against you, you may file a police report in the City in which you currently reside.

Obtaining a Free Credit Report.
Under federal law, you are entitled to one free credit report every 12 months from each of the above three major nationwide credit reporting companies. Call 1-877-322-8228 or request your free credit reports online at www.annualcreditreport.com. Once you receive your credit reports, review them for discrepancies. Identify any accounts you did not open or inquiries from creditors that you did not authorize. Verify all information is correct. If you have questions or notice incorrect information, contact the credit reporting company.

Additional Helpful Resources.
Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Checking your credit report periodically can help you spot problems and address them quickly.

If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call your local law enforcement agency and file a police report. Be sure to obtain a copy of the police report, as many creditors will want the information it contains to absolve you of the fraudulent debts. You may also file a complaint with the FTC by contacting them on the web at www.ftc.gov/idtheft, by phone at 1-877-IDTHEFT (1-877-438-4338), or by mail at Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcement for their investigations. In addition, you may obtain information from the FTC about fraud alerts and security freezes.

North Carolina Residents: You may obtain information about preventing identity theft from the North Carolina Attorney General’s Office: Office of the Attorney General of North Carolina, Department of Justice, 9001 Mail Service Center, Raleigh, NC 27699-9001, www.ncdoj.gov/, Telephone: 877-566-7226.

Protecting Your Medical Information.

As a general matter, the following practices can help to protect you from medical identity theft.

  •  Only share your health insurance cards with your health care providers and other family members who are covered under your insurance plan or who help you with your medical care.
  • Review your “explanation of benefits statement” which you receive from your health insurance company. Follow up with your insurance company or care provider for any items you do not recognize. If necessary, contact the care provider on the explanation of benefits statement and ask for copies of medical records from the date of the potential access (noted above) to current date.
  • Ask your insurance company for a current year-to-date report of all services paid for you as a beneficiary. Follow up with your insurance company or the care provider for any items you do not recognize.