HIPAA Security Incident
 
Dr. Haariss Ilyas is accepting patients at our Addison and Cedar Hill offices!
Skip to main content

HIPAA Security Incident


 

Texas Spine Consultants (“TSC”) Provides Notice of Data Security Incident

Texas Spine Consultants (“TSC”) is a full-service orthopedic center specializing in all conditions that affect the spine. TSC is providing notice that it experienced a cybersecurity incident that may involve the personal and protected health information of some patients it serves. As such, TSC will mail notice of this incident to potentially impacted individuals and is providing resources to assist them. TSC sincerely regrets any inconvenience that this incident may cause and remains dedicated to protecting all personal and health information.

What Happened?  

On or about May 13, 2024, Texas Spine Consultants, PLLC (“TSC”)  detected unusual activity with one of its employee’s email account. Upon discovery of this incident, TSC promptly engaged a specialized third-party cybersecurity firm and IT vendor to assist with securing the email account in question, as well as to conduct a comprehensive forensic investigation to determine the nature and scope of the incident. The forensics investigation determined that certain patient data contained in the email account was accessible by an unauthorized actor.

Based on the findings of the forensic investigation, TSC engaged a third party to conduct a comprehensive review of the contents of the email account to identify specific individuals and types of information that may have been impacted. This data mining process was completed on September 5, 2024. Since that time, TSC has been thoroughly reviewing its files to obtain last known addresses to mail notice to affected individuals. On October 4, 2024, TSC finalized the list of individuals to notify.

 

What Information Was Involved?

The review of the contents of the compromised email account revealed that the type of information that was subject to unauthorized access was primarily limited to patients’ names, date of birth, medical information, and health insurance information.  The information did not include patient social security numbers, driver’s license numbers, financial account information, or credit or debit card information.

Out of an abundance of caution, TSC is providing notification to all potentially impacted patients.

 

What Are We Doing?

TSC takes the security of patient information very seriously, and has taken steps to prevent a similar event from occurring in the future. Since the discovery of the incident, TSC moved quickly to investigate, respond, and confirm the security of our systems. Specifically, TSC engaged a specialized cybersecurity firm and IT personnel to conduct a forensic investigation to determine the nature and scope of the incident. Additionally, TSC changed all user credentials, enhanced the security measures (including MFA), and took steps and will continue to take steps to mitigate the risk of future harm.  

TSC will be mailing letters to potentially impacted individuals that includes steps that they can take to protect their information. In order to address any patient concerns and mitigate any exposure or risk of harm following this incident, TSC has  arranged for complimentary credit monitoring services, Dark Web monitoring services, and identity theft protection services for a period of twelve (12) months. TSC encourages individuals to enroll in these complimentary services. 

 

What Can You Do

TSC encourages individuals to review the addendum to this notice titled “Additional Resources To Help Protect Your Information” outlining additional steps they can take to protect their information.

 

For More Information

For individuals seeking more information about the incident, please call TSC’s dedicated toll-free helpline at 1-877-225-2133, Monday through Friday, between 9 a.m. and 9 p.m. Eastern Standard Time, Monday through Friday, excluding U.S. national holidays.

 

Sincerely,

Roseanne Armstrong

Practice Manager

Texas Spine Consultants

 

 

ADDITIONAL RESOURCES TO HELP PROTECT YOUR INFORMATION

Monitor Your Accounts

We recommend that you remain vigilant for incidents of fraud or identity theft by regularly reviewing your credit reports and financial accounts for any suspicious activity. You should contact the reporting agency using the phone number on the credit report if you find any inaccuracies with your information or if you do not recognize any of the account activity.

You may obtain a free copy of your credit report by visiting www.annualcreditreport.com, calling toll-free at 1-877-322-8228, or by mailing a completed Annual Credit Report Request Form (available at www.annualcreditreport.com) to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281. You may also purchase a copy of your credit report for a fee by contacting one or more of the three national credit reporting agencies.

You have rights under the federal Fair Credit Reporting Act (FCRA). The FCRA governs the collection and use of information about you that is reported by consumer reporting agencies. You can obtain additional information about your rights under the FCRA by visiting https://www.ftc.gov/legal-library/browse/statutes/fair-credit-reporting-act.

 

Credit Freeze

You have the right to add, temporarily lift and remove a credit freeze, also known as a security freeze, on your credit report at no cost. A credit freeze prevents all third parties, such as credit lenders or other companies, whose use is not exempt under law, from accessing your credit file without your consent. If you have a freeze, you must remove or temporarily lift it to apply for credit. Spouses can request freezes for each other as long as they pass authentication. You can also request a freeze for someone if you have a valid Power of Attorney. If you are a parent/guardian/representative, you can request a freeze for a minor 15 and younger.  To add a security freeze on your credit report you must make a separate request to each of the three national consumer reporting agencies by phone, online, or by mail by following the instructions found at their websites (see “Contact Information” below). The following information must be included when requesting a security freeze: (i) full name, with middle initial and any suffixes; (ii) Social Security number; (iii) date of birth (month, day, and year); (iv) current address and any previous addresses for the past five (5) years; (v) proof of current address (such as a copy of a government-issued identification card, a recent utility or telephone bill, or bank or insurance statement); and (vi) other personal information as required by the applicable credit reporting agency.

 

Fraud Alert

You have the right to add, extend, or remove a fraud alert on your credit file at no cost. A fraud alert is a statement that is added to your credit file that will notify potential credit grantors that you may be or have been a victim of identity theft. Before they extend credit, they should use reasonable procedures to verify your identity. Please note that, unlike a credit freeze, a fraud alert only notifies lenders to verify your identity before extending new credit, but it does not block access to your credit report. Fraud alerts are free to add and are valid for one year. Victims of identity theft can obtain an extended fraud alert for seven years. You can add a fraud alert by sending your request to any one of the three national reporting agencies by phone, online, or by mail by following the instructions found at their websites (see “Contact Information” below). The agency you contact will then contact the other credit agencies.

 

Federal Trade Commission

For more information about credit freezes and fraud alerts and other steps you can take to protect yourself against identity theft, you can contact the Federal Trade Commission (FTC) at 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338), TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above.

You should also report instances of known or suspected identity theft to local law enforcement and the Attorney General’s office in your home state and you have the right to file a police report and obtain a copy of your police report.

 

Contact Information

Below is the contact information for the three national credit reporting agencies (Experian, Equifax, and TransUnion) if you would like to add a fraud alert or credit freeze to your credit report.

 

Credit Reporting Agency

Access Your

Credit Report

Add a Fraud Alert

Add a Security Freeze

Experian

P.O. Box 2002

Allen, TX 75013-9701

1-866-200-6020

www.experian.com

P.O. Box 9554

Allen, TX 75013-9554

1-888-397-3742

https://www.experian.com/fraud/center.html

P.O. Box 9554

Allen, TX 75013-9554

1-888-397-3742

www.experian.com/freeze/center.html

Equifax

P.O. Box 740241

Atlanta, GA 30374-0241

1-866-349-5191

www.equifax.com

P.O. Box 105069

Atlanta, GA 30348-5069

1-800-525-6285

www.equifax.com/personal/credit-report-services/credit-fraud-alerts

P.O. Box 105788

Atlanta, GA 30348-5788

1-888-298-0045

www.equifax.com/personal/credit--report-services

TransUnion

P.O. Box 1000

Chester, PA 19016-1000

1-800-888-4213

www.transunion.com

P.O. Box 2000

Chester, PA 19016

1-800-680-7289

www.transunion.com/fraud-alerts

P.O. Box 160

Woodlyn, PA 19094

1-800-916-8800

www.transunion.com/credit-freeze

 

Iowa and Oregon residents are advised to report suspected incidents of identity theft to local law enforcement, to their respective Attorney General, and the FTC.

Massachusetts residents are advised of their right to obtain a police report in connection with this incident.

District of Columbia residents are advised of their right to obtain a security freeze free of charge and can obtain information about steps to take to avoid identity theft by contacting the FTC (contact information provided above) and the Office of the Attorney General for the District of Columbia, Office of Consumer Protection, at 400 6th St. NW, Washington, D.C. 20001, by calling the Consumer Protection Hotline at (202) 442-9828, by visiting https://oag.dc.gov, or emailing at [email protected].

Maryland residents can obtain information about steps they can take to avoid identity theft by contacting the FTC (contact information provided above) or the Maryland Office of the Attorney General, Consumer Protection Division Office at 44 North Potomac Street, Suite 104, Hagerstown, MD 21740, by phone at 1-888-743-0023 or 410-528-8662, or by visiting http://www.marylandattorneygeneral.gov/Pages/contactus.aspx.

New York residents are advised that in response to this incident they can place a fraud alert or security freeze on their credit reports and may report any incidents of suspected identity theft to law enforcement, the FTC, the New York Attorney General, or local law enforcement. Additional information is available at the website of the New York Department of State Division of Consumer Protection at https://dos.nysits.acsitefactory.com/consumerprotection; by visiting the New York Attorney General at https://ag/ny.gov or by phone at 1-800-771-7755; or by contacting the FTC at www.ftc.gov/bcp/edu/microsites/idtheft/ or https://www.identitytheft.gov/#/.

North Carolina residents are advised to remain vigilant by reviewing account statements and monitoring free credit reports and may obtain information about preventing identity theft by contacting the FTC (contact information provided above) or the North Carolina Office of the Attorney General, Consumer Protection Division at 9001 Mail Service Center, Raleigh, NC 27699-9001, or visiting www.ncdoj.gov, or by phone at 1-877-5-NO-SCAM (1-877-566-7226) or (919) 716-6000.

Rhode Island residents are advised that they may file or obtain a police report in connection with this incident and place a security freeze on their credit file and that fees may be required to be paid to the consumer reporting agencies.

Our Locations

Choose your preferred location