ABOUT THE DATA INCIDENT
The Brooklyn Hospital Center (the “Hospital”) is providing notice of a recent data incident that may affect the security of certain patient information. In response to this incident, the Hospital conducted an extensive investigation and undertook diligent remediation efforts. Through this investigation, we found no evidence that data was accessed or acquired from our systems; however, based on the nature of the incident, we are unable to recover certain records related to specific patients. Therefore, we are notifying patients regarding this event and steps we have taken in response.
FREQUENTLY ASKED QUESTIONS
What Happened? In late July 2019, the Hospital became aware of unusual activity relating to certain Hospital servers. The Hospital immediately commenced an investigation, which included working with a leading third-party forensic investigation firm, to determine the full nature and scope of the incident. Through this investigation, we determined that a malware that encrypted certain systems had disrupted the operation of certain Hospital systems; however, the investigation found no evidence that data was actually accessed or acquired by an unauthorized person(s). However, on September 4, 2019, the investigation confirmed that due to the malware, and despite exhaustive efforts by the Hospital to recover the data, certain patient data was unrecoverable. While our recovery efforts are ongoing, based on this determination, we are undertaking a diligent review of the patient data that may be potentially impacted by this event and taking steps to notify those individuals whose records may no longer be available. To date, we are unaware of any actual or attempted access to or misuse of medical or personal information.
What Information Was Involved? We have determined that the unrecoverable information may include patient name and certain dental or cardiac images. As stated, there is no evidence of actual or attempted misuse of any personal information.
What Is The Hospital Doing? The privacy and security of information in our possession is one of the Hospital’s highest priorities and, accordingly, we have strict security measures in place to protect information in our care. Upon learning of this incident, we quickly took steps to restore our systems and ensure the security of our network. Further, we are reviewing our policies and procedures relating to data security and taking steps to enhance our existing security protocols.
What Can I Do? Affected patients can review the notice letter they received, which contains information on what they can do to better protect against the possibility of identity theft and fraud should they feel it is appropriate to do so. Additional information may also be found below.
Where Can I Get More Information? We sincerely regret any inconvenience or concern this incident may have caused. Affected patients can call our dedicated assistance line at 1-855-946-0131, Monday through Friday, 9:00 a.m. to 6:30 p.m. ET for more information.
STEPS TO PROTECT PERSONAL INFORMATION
Monitor Your Accounts
Again, the Hospital is unaware of, and a third-party investigation conducted by experts found no evidence that any actual access to personal data occurred as a result of this incident; however, the following steps can be taken to better protect personal information, should you feel it appropriate to do so. The Hospital encourages those who may be affected to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits, and to monitor credit reports for suspicious activity and to detect errors. Under U.S. law, adults are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report:
PO Box 9554, Allen, TX 75013
PO Box 2000, Chester, PA 19016
PO Box 105788, Atlanta, GA 30348-5788
You can further educate yourself regarding identity theft, credit fraud alerts, credit security freezes, and the steps you can take to protect yourself, by contacting the consumer reporting agencies, the Federal Trade Commission, or your state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement.
For New York residents, the Attorney General may be contacted at: Office of the Attorney General, The Capitol, Albany, NY 12224-0341; 1-800-771-7755; https://ag.ny.gov/.