Notice to Patients and Parents-Potential Breach of PHI and Personal Information
- Posted on: May 29 2019
Dear Parents / Guardians: May 28, 2019
We are writing to inform you of an incident that may have involved your personal and protected health information. In particular, on April 10, 2019, Takai, Hoover & Hsu, P.A. (“THH”) was notified by Montgomery County, Maryland police that a THH employee was a person of interest in an ongoing fraud investigation. THH was notified that a third party (not employed or affiliated with THH) was arrested, and the third party may have been associated with THH’s employee. THH was notified that the employee may have accessed and disclosed protected health information and personal information, including names, dates of birth, SSNs and addresses of parents of THH’s patients. The information may have also included account numbers. The information was then allegedly used in fraudulent activity.
THH is unaware of the specific dates of any potential data breach, although the first data breach may have occurred in 2017 and/or several months prior to June 2018. The THH employee was initially hired on July 5, 2017. THH is further unaware of the total number of patients or persons potentially impacted.
THH has been cooperating with law enforcement since being notified of an investigation, and upon learning of a potential misuse of protected health information and personal data, THH took prompt action to limit any and all access by the identified employee to protected health information and personal data, including placing the employee on leave as of April 16, 2019. As further information was received from law enforcement, the employee was subsequently terminated on May 3, 2019. THH further reported the employee to the Maryland Board of Nursing. THH is also now undertaking an examination and evaluation of its computer systems and network by a computer forensics company in an attempt to determine what, if any, protected health information or personal information may have been accessed and disclosed.
As of the date of this report, and to THH’s knowledge, THH’s former employee has not been charged with any crime. THH likewise has no direct evidence that any patient protected health information or personal information was actually taken or misused by the employee. Nonetheless, and out of an abundance of caution, THH is now in the process of notifying all patients/parents and/or responsible parties of the potential data breach. THH is also notifying the three major credit bureaus, the Maryland Office of the Attorney General, and THH is providing additional notices to the public through its website and through local news press releases and publications. Finally, THH is taking numerous steps to further safeguard and prevent potential data breaches in the future, including additional staff training, limiting and further securing access to data, increasing physical security measures, and reducing and mitigating cybersecurity vulnerabilities.
THH takes its responsibilities pursuant to the Health Information Portability and Accountability Act and the Maryland Confidentiality of Medical Records Act very seriously, and we genuinely apologize for this incident. In compliance with federal and state laws and regulations, all patients/parents are being notified of this potential data breach. Patients/Parents are strongly encouraged to take steps to eliminate or minimize any potential harm that could be caused by the incident. This includes, but is not limited to, obtaining credit reports from one or more of the three major credit reporting agencies, registering a fraud alert with the credit reporting agencies, and monitoring financial and health accounts for unauthorized activity.
As outlined above, THH has taken and will continue to take steps to safeguard and prevent any data breach of its patients’ personal and protected health information. THH is fully committed to continuing our tradition of high quality patient care, including the preservation of the confidentiality and security of its patients’ personal and protected health information.
For further information, please contact our call center support line at 877-231-0376 between 9:00 AM and 9:00 PM Eastern time, Monday through Friday or call our office at 301-540-0811.
Lainie Baumgarten-Hoover, M.D.
Takai, Hoover & Hsu, P.A.
Posted in: Uncategorized