Saturday, December 21, 2019

News Release: Evergreen Psychological Services Notifies Patients of Security Incident

EVERGREEN PSYCHOLOGICAL SERVICES
14351 B Torrey Chase Blvd.
Houston, TX 77014

NEWS RELEASE – FOR IMMEDIATE RELEASE

EVERGREEN PSYCHOLOGICAL SERVICES NOTIFIES PATIENTS OF SECURITY INCIDENT

(HOUSTON, Texas – November 1, 2019) Evergreen Psychological Services has announced that it has notified approximately 4,174 individuals of an unfortunate recent break-in event that may have affected certain patient protected health or personal information. While Evergreen Psychological Services is not aware of any actual or attempted misuse of patient information related to the incident, it has provided affected individuals with information about the incident, steps taken in response, and what individuals can do to help protect against fraud and protect their information.

Between the hours of 7:30 p.m. on September 16, 2019, and 8:30 a.m. on September 17, 2019, a physical break-in occurred at the offices of Evergreen Psychological Services. Two desktop computer towers were stolen from the offices of Dr. Robert Schindler and Billye Cheryl Schindler, MA, LPC, RPT. When the office opened on the morning of September 17, 2019, staff became aware of the intrusion, and the theft was immediately reported to law enforcement. Two sheriff's deputies arrived within fifteen minutes to investigate.
     
One of the two computers that was stolen was used for patient billing purposes, and as a result, it may have contained some personal information of patients. The process of identifying the scope of the theft is ongoing. Evergreen Psychological Services has determined that the following data was stored in a data set accessible by the billing software contained on one of the two computers that were stolen:

  • Social Security number (if required by insurance);
  • address; 
  • telephone number; 
  • date of birth; 
  • diagnostic codes (if required by insurance); 
  • session dates; 
  • payments; and 
  • insurance company ID numbers (if insurance was billed).

While Evergreen Psychological Services has no evidence that anyone accessed or acquired any protected health information, access to the information on the workstation computer or email accounts cannot be ruled out at this time. No physical treatment charts or patient files were stolen.

To address the theft, Evergreen Psychological Services has been working with the vendor that supplied its Medisoft billing software that contains the aforementioned data. Based on communications with those who have technical knowledge of the software used for patient billing purposes, Evergreen Psychological Services has been informed that it will be very difficult to access the data because the login and password information needed to access that software was not stored on the stolen computers. As such, Evergreen Psychological Services believes that there is a low likelihood of re-identification.
   
Evergreen Psychological Services takes the security of patient information in its care very seriously. Evergreen Psychological Services launched an immediate investigation into this incident. This has involved a time-consuming, manual review process of patient files to determine those individuals who were included in the computers’ billing software program or related files. It is unknown whether any protected health information (PHI) that was contained on one of the computers has been viewed.

To prevent further thefts, Evergreen Psychological Services has received feedback from the Harris County Sheriff’s Office, its licensing boards, and legal counsel provided by the American Professional Agency. Measures will include, but are not limited to, installation of an upgraded security system with a camera (already installed since the theft), additional door locks and restraints, and ongoing protective measures for cybersecurity. Evergreen Psychological Services also has enlisted an IT specialist to assist it in ongoing efforts.

Evergreen Psychological Services encourages impacted individuals to take appropriate measures to help prevent misuse of personal data, including the following:

  • Place a fraud alert on credit report by calling the toll-free number of any of the three major credit bureaus (listed below). By establishing a fraud alert, impacted individuals can become aware of and help prevent an identity thief from opening additional accounts in their name. When a credit bureau confirms a fraud alert, the other two bureaus will automatically be notified to place alerts on the credit report, and all three reports will be sent to the individual free of charge. Contact information for the bureaus is as follows:
    • Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
    • Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, TX 75013 
    • TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790 
  • Order credit reports. Establishing a fraud alert will cause impacted individuals to receive a follow-up letter that will explain how to receive a free copy of the individual’s credit report. Once an impacted individual receives the credit report, the individual should examine it closely for signs of fraud, such as credit accounts that are not related or authorized. 
  • Continue to monitor credit reports. Even if a fraud alert has been placed on an account, impacted individuals should continue to monitor their credit reports to ensure an imposter has not opened an account using personal information.

Evergreen Psychological Services is committed to providing quality care, including protecting personal information, and sincerely regrets any inconvenience that resulted from these criminal acts. Evergreen Psychological Services has established a toll-free number that impacted individuals can call, at 1-833-935-1345 between 8:00 a.m. and 8:00 p.m. CST, Monday through Friday, excluding major holidays, to discuss any concerns or questions about the potential loss of personal information.