Retina Associates of Orange County values all our patients and we would like to thank you for allowing us to assist you with your healthcare needs. Unfortunately, a minor breach occurred when our vendor, ConnectOnCall.com, LLC, discovered a data breach on their platform. The company provides a product (“ConnectOnCall”) that many healthcare providers, including Retina Associates of Orange County, purchase to improve their after-hours call management and enhance communications between the providers and their patients. The data breach incident on the ConnectOnCall platform involved Retina Associates of Orange County’s patient communications. Even though Retina Associates of Orange County was not the source of the breach, we take the security of personal information very seriously. The purpose of this notice is to inform you of what happened, what information was involved, what we have done, and what you can do to further protect your information.
WHAT HAPPENED. On May 12, 2024, ConnectOnCall learned of an issue impacting Retina Associates of Orange County. ConnectOnCall did an investigation and immediately took steps to secure their product. Their investigation revealed that between February 16, 2024, and May 12, 2024, an unknown third party gained access to ConnectOnCall and was able to obtain certain data within the application, including information from provider-patient communications.
WHAT INFORMATION WAS INVOLVED. ConnectOnCall has determined that the personal information involved in this incident may have included your name, phone number, date of birth and medical information disclosed during telephone conversations. No driver’s license numbers, medical record numbers, financial information, or Social Security Numbers have been compromised.
WHAT WE ARE DOING. ConnectOnCall engaged external cybersecurity specialists to determine the full nature and scope of the incident, identify any impacted information, and help them enhance their security controls to guard against the risk of future security incidents. After the incident, the ConnectOnCall product was taken offline before the product was restored in a new, more secure environment. Federal and state authorities have been notified of the breach incident.
WHAT YOU CAN DO. There are steps that an impacted individual can take to protect against potential misuse of personal information that may have been disclosed by ConnectOnCall. We strongly encourage you to remain vigilant for incidents of fraud and identity theft, including by regularly reviewing your account statements and monitoring credit reports. If you discover any suspicious or unusual activity on your accounts or suspect identity theft or fraud, be sure to report it immediately to your financial institutions.
In addition, you may contact the Federal Trade Commission (“FTC”) or law enforcement, including your state Attorney General, to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft. To learn more, you can go to the FTC’s website at www.ftc.gov/idtheft, or call the FTC at (877) IDTHEFT (438-4338) or write to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
You may also periodically obtain credit reports from the nationwide credit reporting agencies. If you discover information on your credit report arising from a fraudulent transaction, you should request that the credit reporting agency delete that information from your credit report file. In addition, under federal law, you are entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting agencies. You may obtain a free copy of your credit report by going to www.AnnualCreditReport.com or by calling (877) 322-8228. You may contact the nationwide credit reporting agencies at:
Equifax | Experian | TransUnion |
(800) 685-1111 | (888) 397-3742 | (800) 680-7289 |
P.O. Box 740241 | P.O. Box 9701 | Fraud Victim Assistance Department |
Atlanta, GA 30374-0241 | Allen, TX 75013 | P.O. Box 2000 |
www.Equifax.com | www.Experian.com | Chester, PA 19022-2000 |
www.TransUnion.com |
You also have other rights under the Fair Credit Reporting Act (“FCRA”). For information about your rights under the FCRA, please visit: https://files.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf.
In addition, you may obtain additional information from the FTC and the credit reporting agencies about fraud alerts and security freezes. You can add a fraud alert to your credit report file to help protect your credit information. A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to verify your identity. You may place a fraud alert in your file by calling any of the nationwide credit reporting agencies listed above. As soon as that agency processes your fraud alert, it will notify the other two agencies, which then must also place fraud alerts in your file.
In addition, you can contact the nationwide credit reporting agencies at the numbers listed above to place a security freeze to restrict access to your credit report. You will need to provide the credit reporting agency with certain information, such as your name, address, date of birth, and Social Security number. After receiving your request, the credit reporting agency will send you a confirmation containing a unique PIN or password that you will need in order to remove or temporarily lift the freeze. You should keep the PIN or password in a safe place.
FOR MORE INFORMATION. ConnectOnCall will be providing a toll-free number to respond to any questions or concerns you may have. We will post that phone number as soon as it becomes available. Please check back next week for updates.
Again, our office was not the source of the data breach but we would like to emphasize to you our sincerest apology for this occurrence. We take patient privacy and data security very seriously.
Sincerely,
Retina Associates of Orange County