On September 30, 2021, Medsurant Holdings, LLC learned an unauthorized party was able to access certain patient data between September 23, 2021 and September 30, 2021. While the compromised information varies by patient, it may include patients’ Social Security numbers. On November 29, 2021, Medsurant Holdings began sending out data breach notification letters to all those affected by the security breach.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. More about what you can do if your data was stolen is available in our prior blog post, "A Guide For Victims of a Data Breach”.
We have obtained a copy of the initial data breach letter issued by Medsurant Holdings, LLC:
Dear [Consumer],
Medsurant Holdings, LLC (“Medsurant”) writes to inform you of a recent incident that may affect the security of some of your information. Medsurant is the parent company of Advanced Medical Resources, LLC, American Intraoperative Monitoring, LLC, Bromedicon, LLC, Evokes, LLC, Medsurant, LLC, Physiologic Assessment Services, LLC, Sensory Testing Systems, LLC, and Head & Spine Institute of Texas, LLC. While we have no evidence of fraudulent misuse of any information as a result of this incident, this notice provides information about the incident, our response, and resources available to you to help protect your information from possible misuse, should you feel it necessary to do so.
What Happened? On September 30, 2021, Medsurant received a suspicious email from an unknown actor who alleged that they removed data from the Medsurant environment. Because the unknown actor alleged data removal from systems containing patient information, Medsurant worked quickly to investigate what happened and whether this incident resulted in any unauthorized access to, or theft of, patient information by the unknown actor.
Medsurant conducted an extensive investigation to determine the nature and scope of the incident. The investigation determined that our systems were accessed by an unknown actor between September 23, 2021 and September 30, 2021, and some data was exfiltrated from our systems. Another brief, limited, period of access occurred on November 12, 2021, and some limited data was encrypted during this period but restored from internal sources. Medsurant performed a review of the compromised data to identify the individuals whose information was impacted. Medsurant then worked to confirm the identities and contact information for affected individuals to provide notifications. On or around February 2, 2022, the review was completed.
What Information was Affected. The following types of your information were determined to have been taken by the threat actor during this incident: full name, address, <>.
What We are Doing. Medsurant takes this incident and the security of your information seriously. Upon learning of this incident, we immediately took steps to restore our operations and further secure our systems by implementing additional network monitoring and beginning a forensic review. As part of our ongoing commitment to the privacy of information in our care, we are reviewing our existing policies and procedures and implementing additional administrative and technical safeguards to further secure the information in our systems. Medsurant also notified federal law enforcement, the U.S. Department of Health and Human Services, and other government regulators. While we are unaware of any fraudulent misuse of your information as a result of this incident, we are offering you access to 24 months of complimentary credit monitoring and identity restoration services through Equifax.
What You Can Do. As a precautionary measure, individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements, credit reports, and explanations of benefits for unusual activity and to detect errors. We also encourage individuals to report any suspicious activity promptly to your insurance company, health care provider, or financial institution. Additional detail can be found below in the Steps You Can Take to Help Protect Your Information. You may also enroll in the complimentary credit monitoring services described above. Enrollment instructions are enclosed with this letter.
For More Information. If you have additional questions, you may call our dedicated assistance line toll-free at 855-964-4395, Monday through Friday, during the hours of 9:00 a.m. to 9:00 p.m., Eastern Standard Time (excluding U.S. holidays). You may also write to Medsurant at 100 Front Street, Suite 280, West Conshohocken, PA 19428.
We sincerely regret any inconvenience or concern this incident may cause.
