Source

https://www.databreaches.net/fairchild-medical-center-server-was-exposing-patient-information-for-4-5-years-until-a-security-firm-alerted-them/

Ugh. Fairchild Medical center had a misconfigured server exposing PHI from December 16, 2015 until they were alerted to the problem in late July by an unnamed security companion who discovered the exposure. Here’s their press release, below. line that this does not (yet) appear on HHS’s breach tool. YREKA, Calif.,�Nov. 25, 2020�/PRNewswire/ — in late�July 2020, FMC was made aware of an emerge involving a misconfiguration on one of its servers through a communication from a third-party security company unaffiliated with FMC.�FMC immediately commenced an investigation and began working with third party computer specialists to determine the nature and orbit of the issue. FMC also immediately addressed the misconfiguration and took steps to secure the server. a third-party security company verified that the server surety change resolved the issue. Through the investigation, FMC determined that a misconfiguration existed from approximately�December 16, 2015�to�July 31, 2020�that allowed external individual(s) access to the server.�On�November 5, 2020, following and extensive critique of forensic evidence associated with the server, FMC’s investigation determined that it could not conclusively ruler out unauthorized access to records submit on the server during the window of time when the misconfiguration was in place.�As such, out of an copiousness of caution, FMC reviewed the server to set what records were present during that window.�It was determined the information contained on the server includes medical images, names, dates of birth, patient identification numbers, exam identification numbers, provider names, and dates of examination.�Please note, this incident did�not�affect an individual’s full medical record.�Additionally, this incident did�not�affect any individual’s social Security number, nor financial information. Information privacy and security are among FMC’s highest priorities.�FMC has strict security measures in set to protect info in our care.�Upon learning of this incident, FMC moved quickly to respond.�This included conducting an investigation with the assistance of third-party forensic specialists and engaging in steps to ensure the certificate of the one affected server.�The security alteration of the server was verified by a third-party security firm to confirm resolution of the server security issue. As a general reminder, FMC encourages potentially affected individuals to stay vigilant against incidents of identity theft and fraud, to brushup account statements and explanation of benefits, and to monitor release citation reports for suspicious activity and to detect errors. Under U.S. law, individuals are entitled to one loose credit account annually from each of the three major credit reporting bureaus.�To enjoin a free credit report, visit�www.annualcreditreport.com�or call, toll-free, 1-877-322-8228.�Individuals may also contact the three major citation bureaus directly to request a discharge copy of a credit report. Individuals also experience the right to put a “security freeze” on a credit report, which will prohibit a consumer reporting agency from releasing information in the credit report without verbalise authorization.�The security immobilize is designed to prevent credit, loans, and services from being approved without consent.�However, using a security freeze may delay, interfere with, or prohibit the timely approval of any subsequent bespeak or application made regarding a new loan, credit, mortgage, or any other account involving the extension of credit.�Pursuant to federal law, an individual cannot live charged to localize or raise a surety frost on a credit report.�An individual will live required to provide certain personal info and proof of identicalness to obtain a security freeze.�As an alternative to a security freeze, individuals experience the right to place an initial or extended “fraud alert” on a credit file at no cost.�An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file.�Upon seeing a fraud alert display on a consumer’s credit file, a concern is required to accept steps to verify the consumer’s identity before extending new credit.�If an individual is a victim of identity theft, he or she is entitled to an extended fraud alert, which is a fraud alert lasting septet years. Should an individual like to localize a security freeze, they may contact the major consumer reporting agencies:�Experian �P.O. box 9554,�Allen, TX�75013; 1-888-397-3742;�www.experian.com;�TransUnion �P.O. boxwood 160,�Woodlyn, PA�19094; 1-800-909-8872;�www.transunion.com;�Equifax �P.O. box 105788,�Atlanta, GA�30348-5788; 1-800-685-1111;�www.equifax.com. Should an individual like to position a fraud alert, they may tangency the major consumer reporting agencies:�Experian �P.O. box 9554,�Allen, TX�75013; 1-888-397-3742;�www.experian.com;�TransUnion �P.O. box 2000,�Chester, PA�19016; 1-800-680-7289;�www.transunion.com;�Equifax �P.O. box 105069,�Atlanta, GA�30348-5788; 1-888-766-0008;�www.equifax.com. further information�regarding identity theft, humbug alerts, certificate freezes, and the steps an individual can take to protect personal information may be obtained by contacting the consumer reporting agencies, the Federal patronage Commission, or the appropriate say Attorney General.�The Federal swap Commission can be reached at: 600 pennsylvania Avenue NW,�Washington, DC�20580;�www.identitytheft.gov;�1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The federal trade charge also encourages those who discover that their information has been misused to file a complaint with them. Individuals can obtain further information on how to file such a charge by way of the tangency information listed above. Individuals hold the right to file a constabulary story if they get identity theft or fraud.�In enjoin to file a account with law enforcement for identicalness theft, an individual will likely demand to provide some proof that they get been a victim.�Instances of known or suspected identity theft should also live reported to law enforcement.�This note has not been delayed by law enforcement. FMC recognizes that impacted individuals may hold additional questions. For more information, individual may impinging (833) 752-0849 from�6:00 am to 6:00 pm Pacific Time, monday through Friday, except holidays�or inspect FMC’s website at�www.fairchildmed.org. SOURCE Fairchild Medical snapper