Notice of Data Security Incident
Oradell, New Jersey – March 10, 2022 – New Jersey Brain and Spine (“NJBS”) is providing notice of a recent incident that may involve the personal and protected health information of some of our patients. The confidentiality, privacy, and security of patient information in NJBS’s care is one of our highest priorities, and we take this incident very seriously. At this time, we have no evidence that anyone’s information has been misused,
While NJBS’ investigation remains ongoing, NJBS is providing this online notice to its patients at this time out of an abundance of caution. NJBS is providing details about the events, steps that we are taking in response, and resources available to individuals to protect against the potential misuse of their information. Once NJBS’ investigation is concluded, we will send individual notices by mail to those persons whose information may have been compromised as a result of this incident.
What Happened: On or about November 16, 2021, NJBS discovered that it was the victim of a cyber attack that resulted in the encryption of data stored on its network. Immediately after discovering the incident, NJBS took steps to secure and safely restore its systems and operations. In addition, NJBS engaged cybersecurity experts to conduct a thorough forensics investigation to determine the nature and scope of the incident and to assist in the remediation efforts. The forensics investigation revealed that this incident that may have resulted in unauthorized access to patient information stored on NJBS’s systems.
Meanwhile, NJBS has hired a third party vendor to analyze the data stored within the compromised systems and to identify any individuals whose personal information may have been subject to unauthorized access as a result of this incident. At this time, the data mining process remains ongoing. Once the affected individuals have been identified, NJBS will send individual notices to these persons by mail.
What Information Was Involved: The types of information stored on the impacted systems includes: individual names, addresses, dates of birth, email addresses, telephone numbers, social security numbers, financial account information, debit or credit card information, driver’s license numbers or other ID numbers, and medical information. At this time, NJBS has no reason to believe that anyone’s information has been misused. Once the data mining process is complete, NJBS will send individual notices by mail to those persons whose information may have been subject to unauthorized access as a result of the incident.
What We Are Doing: NJBS takes the security of all personal information and protected health information in its possession very seriously and is taking additional measures to protect this information. Since the incident, NJBS has migrated to a third-party hosted cloud-based platform to securely store patient data, implemented two-factor authentication, installed a new server, and implemented ongoing monitoring response which tracks user activity, services and ports and coordinates logging.
What You Can Do: NJBS encourages all individuals to remain vigilant against incidents of identity theft and fraud, to review their account statements, and to monitor their credit reports for suspicious or unauthorized activity. Please review the Additional Important Information below outlining additional steps individuals can take to protect their personal information.
Once against NJBS sincerely regrets any inconvenience that this incident may cause its patients and remains dedicated to protecting their information.
Additional Important Information
For residents of Hawaii, Michigan, Missouri, Virginia, Vermont, and North Carolina:
It is recommended by state law that you remain vigilant for incidents of fraud and identity theft by reviewing credit card account statements and monitoring your credit report for unauthorized activity.
For residents of Illinois, Iowa, Maryland, Missouri, North Carolina, Oregon, and West Virginia:
It is required by state laws to inform you that you may obtain a copy of your credit report, free of charge, whether or not you suspect any unauthorized activity on your account. You may obtain a free copy of your credit report from each of the three nationwide credit reporting agencies. To order your free credit report, please visit www.annualcreditreport.com, or call toll-free at 1-877-322-8228. You can also order your annual free credit report by mailing a completed Annual Credit Report Request Form (available at https://www.consumer.ftc.gov/articles/0155-free-credit-reports) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281.
For residents of Iowa:
State law advises you to report any suspected identity theft to law enforcement or to the Attorney General.
For residents of Oregon:
State laws advise you to report any suspected identity theft to law enforcement, including the Attorney General, and the Federal Trade Commission.
For residents of Arizona, Colorado, Maryland, Rhode Island, Illinois, New York, and North Carolina:
You can obtain information from the Offices of the Attorney General and the Federal Trade Commission about fraud alerts, security freezes, and steps you can take toward preventing identity theft.
Maryland Office of the Attorney General Consumer Protection Division 200, St. Paul Place Baltimore, MD 21202 1-888-743-0023 www.oag.state.md.us
Rhode Island Office of the Attorney General Consumer Protection 150 South Main Street, Providence RI 02903 1-401-274-4400 www.riag.ri.gov
North Carolina Office of the Attorney General Consumer Protection Division, 9001 Mail Service Center Raleigh, NC 27699-9001 1-877-566-7226 www.ncdoj.com
Federal Trade Commission Consumer Response Center, 600 Pennsylvania Ave, NW Washington, DC 20580 1-877-IDTHEFT (438-4338) www.ftc.gov/idtheft
New York Office of Attorney General Consumer Frauds & Protection, The Capitol Albany, NY 12224 1-800-771-7755 https://ag.ny.gov/consumer-frauds/identity-theft
Colorado Office of the Attorney General Consumer Protection 1300 Broadway, 9th Floor, Denver, CO 80203 1-720-508-6000 www.coag.gov
Arizona Office of the Attorney General Consumer Protection & Advocacy Section, 2005 North Central Avenue, Phoenix, AZ 85004 1-602-542-5025
Illinois Office of the Attorney General Consumer Protection Division 100 W Randolph St., Chicago, IL 60601 1-800-243-0618 www.illinoisattorneygeneral.gov
For residents of Massachusetts: It is required by state law that you are informed of your right to obtain a police report if you are a victim of identity theft
For residents of all states:
Fraud Alerts: You can place fraud alerts with the three credit bureaus by phone and online with Equifax; TransUnion;or Experian. A fraud alert tells creditors to follow certain procedures, including contacting you, before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit. As of September 21, 2018, initial fraud alerts last for one year. Victims of identity theft can also get an extended fraud alert for seven years. The phone numbers for all three credit bureaus are at the bottom of this page.
Monitoring: You should always remain vigilant and monitor your accounts for suspicious or unusual activity.
Security Freeze: You also have the right to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans, and services from being approved in your name without your consent. To place a security freeze on your credit report, you need to make a request to each consumer reporting agency. You may make that request by certified mail, overnight mail, regular stamped mail, or by following the instructions found at the websites listed below. The following information must be included when requesting a security freeze (note that if you are requesting a credit report for your spouse or a minor under the age of 16, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue. As of September 21, 2018, it is free to place, lift, or remove a security freeze. You may also place a security freeze for children under the age of 16. You may obtain a free security freeze by contacting any one or more of the following national consumer reporting agencies:
Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348
Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
P.O. Box 2000
Chester, PA 19022
More information can also be obtained by contacting the Federal Trade Commission listed above.