LAKE OSWEGO, Ore., April 2, 2019 /PRNewswire/ — On November 13, 2018, Oregon Endodontic Group became aware of suspicious activity in the office’s email account. Oregon Endodontic Group immediately began an investigation to determine what happened and what information may have been affected. A third-party forensic investigator was also retained to assist with the investigation. The investigation revealed that a piece of malware known as Emotet was downloaded to the office’s front office computer on November 9, 2018. Emotet has the ability to exfiltrate data from emails. As part of the investigation, Oregon Endodontic Group was unable to rule out data from the office’s email account being exfiltrated. The email account was then reviewed to determine whether it contained any protected health information. On February 11, 2019, Oregon Endodontic Group confirmed that the email account contained protected health information of certain current and former patients. The types of information contained within the email account varied by individual but included name and one or more of date of birth, treatment/diagnosis information or health insurance information for most of the affected individuals. In addition, name and Social Security number was included for forty-one (41) individuals, name and driver’s license number for two (2) individuals, and name and financial account information for seven (7) individuals. Oregon Endodontic Group does not have evidence the information in the email account was exfiltrated. However, the malware impacting the office’s computer has such capability and Oregon Endodontic Group cannot rule out exfiltration of the data from emails.
Oregon Endodontic Group encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor their credit reports and explanation of benefits forms for suspicious activity. Oregon Endodontic Group is providing potentially impacted individuals with contact information for the three major credit reporting agencies, as well as providing advice on how to obtain free credit reports and how to place fraud alerts and security freezes on their credit files. Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report. The relevant contact information is below:
P.O. Box 105069
Atlanta, GA 30348
P.O. Box 2002
Allen, TX 75013
P.O. Box 2000
Chester, PA 19016
Potentially impacted individuals may also find information regarding identity theft, fraud alerts, security freezes and the steps they may take to protect their information by contacting the credit bureaus, the Federal Trade Commission or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261.
Oregon Endodontic Group set up a call center to answer questions from those who may have been impacted by this incident. The call center can be reached at 866-297-8759 Monday through Friday, 6:00 a.m. to 3:30 p.m. PT (excluding some U.S. holidays).
Additional information on how potentially impacted individuals can protect themselves can also be found at Oregon Endodontic Group’s website: www.oregonendodonticgroup.com. Instances of known or suspected identity theft should also be reported to law enforcement or the individual’s state Attorney General.
SOURCE Oregon Endodontic Group