NOTICE OF DATA SECURITY INCIDENT
December 31, 2020
Prestera Center Notifies Patients of Data Security Incident
December 31, 2020 - We have become aware of a data security incident that may have resulted in unauthorized access to the private information of a small percentage of our patients. Currently, there is no evidence of any attempted or actual misuse of any personal information. However, we are notifying, via first-class mail, any patient whose information may have been accessed to provide details of the incident and provide resources to help protect our patients.
Specifically, Prestera Center has discovered that a data security incident involving Prestera Center’ business email environment resulted in the exposure of personal information of current and past Prestera Center’ patients to an unknown individual who was not authorized to view it. We have since worked diligently to determine exactly what happened and what information was involved as a result of the incident.
After a thorough review, and with the assistance of a third-party vendor, we discovered that the affected information included patient names, dates of birth, medical record and/or patient account numbers, diagnostic information, healthcare provider information, prescription and/or treatment information and, in some instances, addresses, social security numbers and Medicare/Medicaid ID numbers. The exact elements of personal information that were affected as a result of this incident varied per individual. Once again, Prestera Center has no evidence of attempted or actual misuse of anyone’s information because of this incident.
Considering this incident, Prestera Center is offering potentially affected patients complimentary identity theft restoration and credit monitoring services through ID Experts to help protect any impacted current and/or former patients. We encourage patients who think their information may be at risk to call Craig Zappin Monday through Friday, 8:30 a.m. to 5:00 p.m., Eastern Time at 304-525-7851 ext. 2014.
Prestera Center is committed to ensuring the security of all information within its control, and we are taking steps to prevent a similar event from occurring in the future. This includes strengthening our cybersecurity infrastructure, including, but not limited to, revising policies and procedures, implementing multi-factor authentication for all accounts, replacing and strengthening the firewall, and implementing an intensive training security training program for all staff to prevent the future occurrence of any similar data security incidents.
Once again, we sincerely regret any inconvenience or concern that this matter may cause, and we remain dedicated to ensuring the privacy and security of all information in our control.
Karen Yost, CEO, Prestera Center for Mental Health Services, Inc.