STATEMENT REGARDING FAIRBANKS HOSPITAL’S

RECENT DATA PRIVACY EVENT

December 16, 2016

To Our Valued Patients,

Fairbanks Hospital recently discovered an event that may affect the security of certain current and former patients’ protected health information. While we are unaware of any actual or attempted misuse of any protected health information, we are providing potentially impacted patients with information about the event, steps taken since discovering the incident, and what they can do to better protect against identity theft and fraud, should they feel it is appropriate to do so.

What Happened? On October 18, 2016, Fairbanks became aware that some files on our internal network that contained patient information were electronically accessible to Fairbanks employees, including employees who were not intended to have access to patient information. Fairbanks hired an outside computer forensics expert to determine the nature and scope of this issue. The investigation has determined that this issue existed since at least November of 2013, however we are unable to determine whether the issue existed prior to that time. We have now corrected this issue so that only the appropriate Fairbanks personnel has electronic access to files containing patient information.

The patient information impacted by this issue was only accessible to Fairbanks employees. Because we have not been able to confirm whether this issue ever resulted in inappropriate access to patient information by a Fairbanks employee, we are providing notice of this incident to all potentially affected individuals in an abundance of caution.

What Information Was Involved? Based upon our investigation, it was determined that the following types of patient information were contained on one or more files on our network that were impacted by this issue: name, Social Security number, date of birth, contact information, patient identification number, diagnosis, treatment information, health insurance information, and information relating to initial admission and scheduling of appointments. The types of information impacted were different depending on the individual patient, with the majority of affected patients only having their name and limited information relating to initial admission and scheduling of appointments impacted. Fairbanks is unaware of any actual or attempted misuse of patient information as a result of this incident.

What Are We Doing? Fairbanks takes the security of our patients’ information very seriously. We have taken steps to ensure only the appropriate Fairbanks personnel has access to patient information. We are mailing written notice of this incident to all potentially impacted individuals for whom we have contact information, along with the same information that is contained below, entitled Steps You Can Take to Protect Against Identity Theft and Fraud. We are also reporting this incident to the U.S. Department of Health and Human Services and news media outlets servicing the state of Indiana.

What You Can Do. If you believe you may be a current or former Fairbanks Hospital patient who is affected as a result of this incident, we encourage you to review the below Steps You Can Take to Protect Against Identity Theft and Fraud and to call our confidential toll-free hotline at 1-855-828-4343, Monday through Saturday, 9:00 a.m. to 9:00 p.m., Eastern Standard Time.

Fairbanks sincerely regrets any inconvenience or concern this incident has caused. Below are Steps You Can Take to Protect against Identity Theft and Fraud, should you have concerns regarding the security of your protected health information or personal information.

Steps You Can Take to Protect Against Identity Theft and Fraud

We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports and explanation of benefits forms for suspicious activity. This also includes reviewing account statements, medical bills, and health insurance statements regularly to ensure that no one has submitted fraudulent medical claims using your name and address. Report all suspicious or fraudulent charges to your account and insurance providers. Under U.S. law you are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.

At no charge, you can also have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it may also delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

Equifax
P.O. Box 740256
Atlanta, GA 30374
1-888-766-0008
www.equifax.com
Experian
P.O. Box 2002
Allen, TX 75013
1-888-397-342
www.experian.com
TransUnion
P.O. Box 2000
Chester, PA 19016-2000
1-800-680-7289
www.transunion.com

You may also place a security freeze on your credit reports. A security freeze prohibits a credit bureau from releasing any information from a consumer’s credit report without the consumer’s written authorization. However, please be advised that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit mortgages, employment, housing, or other services. If you have been a victim of identity theft, and you provide the credit bureau with a valid police report, it cannot charge you to place, lift or remove a security freeze. In all other cases, a credit bureau may charge you a fee to place, temporarily lift, or permanently remove a security freeze. You will need to place a security freeze separately with each of the three major credit bureaus listed above if you wish to place a freeze on all of your credit files. To find out more on how to place a security freeze, you can use the following contact information:

Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348
1-800-685-1111
(NY residents please call 1-800-349-9960)
www.freeze.equifax.com
Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
1-888-397-3742
www.experian.com/freeze/center.html
TransUnion
P.O. Box 2000
Chester, PA 19022-2000
1-888-909-8872
www.transunion.com/securityfreeze

You can further educate yourself regarding identity theft, fraud alerts, and the steps you can take to protect yourself, by contacting the Federal Trade Commission or your state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. Instances of known or suspected identity theft should also be reported to law enforcement.