To Our Patients:
I wanted to inform you of a data security incident experienced by Mat-Su Surgical Associates, APC (“Mat-Su Surgical”), a facility where I treated patients previously, that may have involved patient personal information. At Glacier Surgical Associates and Glacier Med Spa (collectively “Glacier Medical Group”), we take the privacy and security of its patient’s information very seriously. This is why I am posting this notification of the incident, and informing the public about steps you can take to help protect your personal information.
What Happened? On March 16, 2020, Mat-Su Surgical suffered a ransomware event that encrypted files on its systems. Mat-Su Surgical conducted an investigation and hired independent computer forensic investigators to help determine what occurred. Mat-Su Surgical’s investigation found that an unauthorized actor gained access to and viewed files stored on Mat-Su Surgical’s systems.
Following their investigation, Mat-Su Surgical informed Glacier Medical Group of the ransomware event that affected their systems, and that the information of patients whom I saw while at their facilities was still stored on their systems at the time of the incident. Consequently, those individuals’ information may also have been impacted by this incident. On August 3, 2020, Mat-Su Surgical provided a list of those individuals whom I treated while at Mat-Su Surgical and whose information may have been impacted.
Please note this incident affected Mat-Su Surgical’s systems, was not the result of any action by Glacier Medical Group, and did not affect the security or integrity of any Glacier Medical Group systems.
What Information Was Involved? The incident at Mat-Su Surgical may have involved information patients provided to any staff member or healthcare professional at Mat-Su Surgical from September 1, 2014 - April 2, 2018. This information may include individuals’ names, dates of birth, driver’s license or personal identification card numbers, Social Security Numbers, medical information and history, diagnosis and treatment information, health insurance information, and other information related to medical care.
What Are We Doing? As soon as I discovered the incident, I took the steps described above, and am notifying those individuals identified by Mat-Su Surgical whose information may have been impacted by the incident on their system. In addition, I am offering those patients who were impacted with information about steps they can take to help protect their personal information, along with free identity monitoring and recovery services as described in their notification letter.
What Can You Do? Potentially impacted individuals can follow the recommended steps listed here and in their notification letter to further protect their information,
For more information: If you have any questions, please call 1-800-939-4170, Monday through Friday from 6:00 AM to 5:00 PM Pacific Time for more information.
STEPS YOU CAN TAKE TO FURTHER PROTECT YOUR INFORMATION
Review Your Account Statements and Notify Law Enforcement of Suspicious Activity: As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission (FTC).
Copy of Credit Report: You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting http://www.annualcreditreport.com/, calling toll-free 877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You can print this form at https://www.annualcreditreport.com/cra/requestformfinal.pdf. You also can contact one of the following three national credit reporting agencies:
P.O. Box 1000
P.O. Box 9532
Allen, TX 75013
P.O. Box 105851
Atlanta, GA 30348
Free Annual Report
P.O. Box 105281
Atlanta, GA 30348
Fraud Alert: You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free and will stay on your credit file for at least 90 days. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact any of the three credit reporting agencies identified above. Additional information is available at http://www.annualcreditreport.com.
Security Freeze: Under U.S. law, you have the right to put a security freeze on your credit file for up to one year at no cost. This will prevent new credit from being opened in your name without the use of a PIN number that is issued to you when you initiate the freeze. A security freeze is designed to prevent potential creditors from accessing your credit report without your consent. As a result, using a security freeze may interfere with or delay your ability to obtain credit. You must separately place a security freeze on your credit file with each credit reporting agency. In order to place a security freeze, you may be required to provide the consumer reporting agency with information that identifies you including your full name, Social Security number, date of birth, current and previous addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement or insurance statement.
Additional Free Resources: You can obtain information from the consumer reporting agencies, the FTC or from your respective state Attorney General about fraud alerts, security freezes, and steps you can take toward preventing identity theft. You may report suspected identity theft to local law enforcement, including to the FTC or to the Attorney General in your state. Contact information for the FTC is: Federal Trade Commission, 600 Pennsylvania Ave, NW, Washington, DC 20580, www.consumer.ftc.gov and www.ftc.gov/idtheft, 1-877-438-4338. Residents of New York, Maryland, North Carolina, and Rhode Island can obtain more information from their Attorneys General using the contact information below.
New York Attorney General
Bureau of Internet and Technology Resources
28 Liberty Street
New York, NY 10005
Maryland Attorney General
200 St. Paul Place
Baltimore, MD 21202
North Carolina Attorney General
9001 Mail Service Center
Raleigh, NC 27699
150 South Main Street
Providence, RI 02903
You also have certain rights under the Fair Credit Reporting Act (FCRA): These rights include to know what is in your file; to dispute incomplete or inaccurate information; to have consumer reporting agencies correct or delete inaccurate, incomplete, or unverifiable information, as well as others. For more information about the FCRA, and your rights pursuant to the FCRA, please visit http://files.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf