HIPAA Security Incident
 

Texas Spine Consultants (“TSC”) Provides Notice of Data Security Incident

Texas Spine Consultants (“TSC”) is a full-service orthopedic center specializing in all conditions that affect the spine. TSC is providing notice that it experienced a cybersecurity incident that may involve the personal and protected health information of some patients it serves. As such, TSC will mail notice of this incident to potentially impacted individuals and is providing resources to assist them. TSC sincerely regrets any inconvenience that this incident may cause and remains dedicated to protecting all personal and health information.

What Happened?  

On or about May 13, 2024, Texas Spine Consultants, PLLC (“TSC”) detected unusual activity in one of its employees’ email accounts. Upon discovery of this incident, TSC promptly engaged a specialized third-party cybersecurity firm and IT vendor to assist with securing the email account in question, as well as to conduct a comprehensive forensic investigation to determine the nature and scope of the incident. The forensic investigation determined that certain patient data contained in the email account was accessible by an unauthorized actor.

Based on the findings of the forensic investigation, TSC engaged a third party to conduct a comprehensive review of the contents of the email account to identify specific individuals and types of information that may have been impacted. This data mining process was completed on September 5, 2024. Since that time, TSC has been thoroughly reviewing its files to obtain last known addresses to mail notice to affected individuals. On October 4, 2024, TSC finalized the list of individuals to notify.

 

What Information Was Involved?

The review of the contents of the compromised email account revealed that the type of information that was subject to unauthorized access was primarily limited to patients’ names, dates of birth, medical information, and health insurance information. The information did not include patient Social Security numbers, driver’s license numbers, financial account information, or credit or debit card information.

Out of an abundance of caution, TSC is providing notification to all potentially impacted patients.

 

What Are We Doing?

TSC takes the security of patient information very seriously and has taken steps to prevent a similar event from occurring in the future. Since the discovery of the incident, TSC moved quickly to investigate, respond, and confirm the security of our systems. Specifically, TSC engaged a specialized cybersecurity firm and IT personnel to conduct a forensic investigation to determine the nature and scope of the incident. Additionally, TSC changed all user credentials, enhanced its security measures (including MFA), and has taken and will continue to take steps to mitigate the risk of future harm.

TSC will be mailing letters to potentially impacted individuals that include steps that they can take to protect their information. In order to address any patient concerns and mitigate any exposure or risk of harm following this incident, TSC has arranged for complimentary credit monitoring services, Dark Web monitoring services, and identity theft protection services for a period of twelve (12) months. TSC encourages individuals to enroll in these complimentary services.

 

What Can You Do

TSC encourages individuals to review the addendum to this notice titled “Additional Resources To Help Protect Your Information” outlining additional steps they can take to protect their information.

 

For More Information

For individuals seeking more information about the incident, please call TSC’s dedicated toll-free helpline at 1-877-225-2133, Monday through Friday, between 9 a.m. and 9 p.m. Eastern Standard Time, excluding U.S. national holidays.

 

Sincerely,

Roseanne Armstrong

Practice Manager

Texas Spine Consultants

 

 

ADDITIONAL RESOURCES TO HELP PROTECT YOUR INFORMATION

Monitor Your Accounts

We recommend that you remain vigilant for incidents of fraud or identity theft by regularly reviewing your credit reports and financial accounts for any suspicious activity. You should contact the reporting agency using the phone number on the credit report if you find any inaccuracies with your information or if you do not recognize any of the account activity.

You may obtain a free copy of your credit report by visiting www.annualcreditreport.com, calling toll-free at 1-877-322-8228, or by mailing a completed Annual Credit Report Request Form (available at www.annualcreditreport.com) to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281. You may also purchase a copy of your credit report for a fee by contacting one or more of the three national credit reporting agencies.

You have rights under the federal Fair Credit Reporting Act (FCRA). The FCRA governs the collection and use of information about you that is reported by consumer reporting agencies. You can obtain additional information about your rights under the FCRA by visiting https://www.ftc.gov/legal-library/browse/statutes/fair-credit-reporting-act.

 

Credit Freeze

You have the right to add, temporarily lift and remove a credit freeze, also known as a security freeze, on your credit report at no cost. A credit freeze prevents all third parties, such as credit lenders or other companies, whose use is not exempt under law, from accessing your credit file without your consent. If you have a freeze, you must remove or temporarily lift it to apply for credit. Spouses can request freezes for each other as long as they pass authentication. You can also request a freeze for someone if you have a valid Power of Attorney. If you are a parent/guardian/representative, you can request a freeze for a minor 15 and younger.  To add a security freeze on your credit report you must make a separate request to each of the three national consumer reporting agencies by phone, online, or by mail by following the instructions found at their websites (see “Contact Information” below). The following information must be included when requesting a security freeze: (i) full name, with middle initial and any suffixes; (ii) Social Security number; (iii) date of birth (month, day, and year); (iv) current address and any previous addresses for the past five (5) years; (v) proof of current address (such as a copy of a government-issued identification card, a recent utility or telephone bill, or bank or insurance statement); and (vi) other personal information as required by the applicable credit reporting agency.

 

Fraud Alert

You have the right to add, extend, or remove a fraud alert on your credit file at no cost. A fraud alert is a statement that is added to your credit file that will notify potential credit grantors that you may be or have been a victim of identity theft. Before they extend credit, they should use reasonable procedures to verify your identity. Please note that, unlike a credit freeze, a fraud alert only notifies lenders to verify your identity before extending new credit, but it does not block access to your credit report. Fraud alerts are free to add and are valid for one year. Victims of identity theft can obtain an extended fraud alert for seven years. You can add a fraud alert by sending your request to any one of the three national reporting agencies by phone, online, or by mail by following the instructions found at their websites (see “Contact Information” below). The agency you contact will then contact the other credit agencies.

 

Federal Trade Commission

For more information about credit freezes and fraud alerts and other steps you can take to protect yourself against identity theft, you can contact the Federal Trade Commission (FTC) at 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338), TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above.

You should also report instances of known or suspected identity theft to local law enforcement and the Attorney General’s office in your home state and you have the right to file a police report and obtain a copy of your police report.

 

Contact Information

Below is the contact information for the three national credit reporting agencies (Experian, Equifax, and TransUnion) if you would like to add a fraud alert or credit freeze to your credit report.

 

Experian

Access Your Credit Report: P.O. Box 2002, Allen, TX 75013-9701; 1-866-200-6020; www.experian.com

Add a Fraud Alert: P.O. Box 9554, Allen, TX 75013-9554; 1-888-397-3742; https://www.experian.com/fraud/center.html

Add a Security Freeze: P.O. Box 9554, Allen, TX 75013-9554; 1-888-397-3742; www.experian.com/freeze/center.html

Equifax

Access Your Credit Report: P.O. Box 740241, Atlanta, GA 30374-0241; 1-866-349-5191; www.equifax.com

Add a Fraud Alert: P.O. Box 105069, Atlanta, GA 30348-5069; 1-800-525-6285; www.equifax.com/personal/credit-report-services/credit-fraud-alerts

Add a Security Freeze: P.O. Box 105788, Atlanta, GA 30348-5788; 1-888-298-0045; www.equifax.com/personal/credit--report-services

TransUnion

Access Your Credit Report: P.O. Box 1000, Chester, PA 19016-1000; 1-800-888-4213; www.transunion.com

Add a Fraud Alert: P.O. Box 2000, Chester, PA 19016; 1-800-680-7289; www.transunion.com/fraud-alerts

Add a Security Freeze: P.O. Box 160, Woodlyn, PA 19094; 1-800-916-8800; www.transunion.com/credit-freeze

 

Iowa and Oregon residents are advised to report suspected incidents of identity theft to local law enforcement, to their respective Attorney General, and the FTC.

Massachusetts residents are advised of their right to obtain a police report in connection with this incident.

District of Columbia residents are advised of their right to obtain a security freeze free of charge and can obtain information about steps to take to avoid identity theft by contacting the FTC (contact information provided above) and the Office of the Attorney General for the District of Columbia, Office of Consumer Protection, at 400 6th St. NW, Washington, D.C. 20001, by calling the Consumer Protection Hotline at (202) 442-9828, by visiting https://oag.dc.gov, or emailing at [email protected].

Maryland residents can obtain information about steps they can take to avoid identity theft by contacting the FTC (contact information provided above) or the Maryland Office of the Attorney General, Consumer Protection Division Office at 44 North Potomac Street, Suite 104, Hagerstown, MD 21740, by phone at 1-888-743-0023 or 410-528-8662, or by visiting http://www.marylandattorneygeneral.gov/Pages/contactus.aspx.

New York residents are advised that in response to this incident they can place a fraud alert or security freeze on their credit reports and may report any incidents of suspected identity theft to law enforcement, the FTC, the New York Attorney General, or local law enforcement. Additional information is available at the website of the New York Department of State Division of Consumer Protection at https://dos.nysits.acsitefactory.com/consumerprotection; by visiting the New York Attorney General at https://ag/ny.gov or by phone at 1-800-771-7755; or by contacting the FTC at www.ftc.gov/bcp/edu/microsites/idtheft/ or https://www.identitytheft.gov/#/.

North Carolina residents are advised to remain vigilant by reviewing account statements and monitoring free credit reports and may obtain information about preventing identity theft by contacting the FTC (contact information provided above) or the North Carolina Office of the Attorney General, Consumer Protection Division at 9001 Mail Service Center, Raleigh, NC 27699-9001, or visiting www.ncdoj.gov, or by phone at 1-877-5-NO-SCAM (1-877-566-7226) or (919) 716-6000.

Rhode Island residents are advised that they may file or obtain a police report in connection with this incident and place a security freeze on their credit file and that fees may be required to be paid to the consumer reporting agencies.
