Potential Breach of Protected Health Information
On September 11, 2019 Aegis Medical Group became aware from law enforcement that a former employee inappropriately accessed account information of certain Aegis patients. It appears that the former employee tried to sell certain account information to third parties who may have been engaged in some form of attempted identity theft or financial fraud. As of the date of this notice, law enforcement has identified only two (2) Aegis patients whose personal information the former employee attempted to sell. It is believed that the improper access occurred between July 24, 2019 and September 9, 2019. The records potentially subject to unauthorized access included the following information: a patient’s first and last name, social security number, date of birth, account number, mailing address and diagnosis.
While Aegis has sent disclosure notices to patients who may have been affected, those who believe they may be affected by this incident are advised to remain vigilant for incidents of fraud and identify theft, and, in particular, consider taking the following precautions: (1) monitoring bank accounts and credit card activity, (2) monitoring credit reports for unknown transactions, (3) locking social security number through the credit bureaus, (4) placing a fraud alert on the credit bureaus, and/or (5) creating an Identity Theft Report by filing a complaint with the Federal Trade Commission and local police departments.
Aegis has taken steps to protect the information of these patients and to provide them with tools to continue that protection. Aegis immediately began working closely with law enforcement to identify the records of patients that could have been affected. It also terminated the employee immediately after learning about this incident. Aegis also has provided access to free credit and cyber monitoring for individuals who may have been affected.
In addition, Aegis has taken steps to minimize future risk of similar incidents. It reviewed its relevant policies and procedures and has begun to implement changes. The company estimates that approximately seventy-five percent (75%) of the potentially exposed records were non-electronic paper records and has undertaken a process to convert additional paper records to electronic format. Although the paper records were properly stored, this effort will allow Aegis to better control and restrict access to account records. Aegis has also made its employees aware of the incident, the consequences to the individual involved and has reminded its employees of the importance of maintaining the security and confidentiality of individual patient account records.
Patients with general questions about this incident may contact Aegis at 888-701-7172 to obtain more information.
711 North 3rd Street 711 N. 3rd Street, Leesburg, FL 34748