ABOUT THE DATA PRIVACY EVENT
On February 4, 2021, Squirrel Hill Health Center (“Squirrel Hill”) became aware of suspicious activity on its computer network. Squirrel Hill, with the assistance of third-party computer forensic specialists, took immediate steps to investigate the nature and scope of the incident. Squirrel Hill is issuing this statement to provide additional details regarding what is known about the incident and the further steps it will be taking in response.
Frequently Asked Questions
What Happened? On February 4, 2021, Squirrel Hill became aware of suspicious activity on its computer network. Squirrel Hill immediately launched an investigation, with the assistance of third-party computer forensic specialists, and determined that its network had been infected with malware which prevented access to certain files on the system. The investigation determined that the malware was introduced into the system by an unauthorized actor and that certain files within Squirrel Hill’s systems were impacted. The potential unauthorized access occurred between January 28, 2021 and February 4, 2021. Squirrel Hill then began a lengthy and labor-intensive process to identify sensitive information that may have been contained within impacted files, and to identify the individuals whose information may have been impacted.
What Information Was Involved? The information contained within the files at issue varied by individual but contained some appointment scheduling details, dates of birth, a diagnostic code, and Social Security numbers for a small number of individuals. We have no evidence any information was subject to actual or attempted misuse.
What is Squirrel Hill Doing? Squirrel Hill takes this incident and the security of personal information seriously. Upon discovery, Squirrel Hill immediately launched an investigation and took steps to secure its systems and investigate activity. Squirrel Hill worked diligently to investigate and respond to this incident and to identify and notify potentially impacted individuals. Squirrel Hill is also reviewing and enhancing existing policies, procedures, and processes related to storage of and access to personal information. Squirrel Hill is also reporting this incident to relevant state and federal regulators as required. Squirrel Hill is notifying potentially impacted individuals so that they may take further steps to best protect their information, should they feel it is appropriate to do so. Squirrel Hill is also providing credit monitoring for individuals whose Social Security Number was potentially impacted by this incident.
What Can Affected Individuals Do? While Squirrel Hill has no evidence that any personal information was subject to actual or attempted misuse, it encourages anyone who thinks their information may have been impacted to monitor financial accounts and notify their bank immediately if they detect unauthorized or unusual activity. You can also review the below Steps You Can Take to Help Protect Your Information.
For more information. We understand some people may have additional questions concerning this incident. Individuals can direct questions to (855) 935-6082 between 8 am and 5:30 pm Central Time.
Squirrel Hill apologizes for any inconvenience this may cause and remains committed to the privacy and security of all information it maintains.
Squirrel Hill encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits forms, and to monitor credit reports for suspicious activity. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.
Individuals have the right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. Should you wish to place a security freeze, please contact the major consumer reporting agencies listed below:
| Experian |
PO Box 9554
Allen, TX 75013
| TransUnion |
P.O. Box 2000
Chester, PA 19016
| Equifax |
PO Box 105788
Atlanta, GA 30348
In order to request a security freeze, individuals will need to provide the following information:
- Full name (including middle initial as well as Jr., Sr., II, III, etc.);
- Social Security number;
- Date of birth;
- If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years;
- Proof of current address, such as a current utility bill or telephone bill;
- A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.);
- If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft.
To remove the security freeze, you must send a written request to each of the three credit bureaus by mail and include proper identification (name, address, and social security number) and the PIN number or password provided to you when you placed the security freeze. The credit bureaus have three (3) business days after receiving your request to remove the security freeze.
As an alternative to a security freeze, you have the right to place an initial or extended “fraud alert” on your file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the agencies listed below:
|Experian P.O. Box 2002 Allen, TX 75013 1-888-397-3742 www.experian.com/fraud/center.html||TransUnion P.O. Box 2000 Chester, PA 19016 1-800-680-7289 www.transunion.com/fraud-victim-resource/place-fraud-alert||Equifax P.O. Box 105069 Atlanta, GA 30348 1-888-836-6351 www.equifax.com/personal/credit-report-services|
The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue, NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should be reported to law enforcement, your Attorney General, and the FTC. You can also further educate yourself about placing a fraud alert or security freeze on your credit file by contacting the FTC or your state’s Attorney General. This notice has not been delayed by a law enforcement investigation.