LITTLE ROCK, Ark., Oct. 22, 2020 /PRNewswire/ -- Although they are unaware of any actual or attempted misuse, Arkansas Otolaryngology Center ("AOC") is providing notice of a data privacy event impacting the security of information relating to certain patients and AOC employees.
What happened? On or around July 17, 2020, AOC became aware of suspicious activity relating to an employee email account that was sending unauthorized messages. AOC immediately launched an investigation to determine what may have happened. Working together with an outside computer forensics firm, AOC's investigation determined that an unauthorized individual accessed four employee email accounts between July 17, 2020 and July 27, 2020, and sensitive information contained therein was accessible to unknown individuals. On September 21, 2020, AOC identified the individuals potentially impacted by this incident after a thorough manual review of the impacted email accounts. AOC has worked since this time to locate valid mailing addresses for the potentially impacted individuals in order to provide notice of this event.
What information may have been affected by this incident? The accessed email accounts contained information related to certain patients and employees of AOC. The type of information affected varies per impacted individual, and includes one or more of the following types of information: name, date of birth, Medical Record Number (MRN), Social Security number, diagnosis, doctor's name, driver's license number or state identification card number, insurance group number, treatment location, and treatment or procedure type or code. For a very small number of individuals, a financial account number was impacted.
Although they cannot confirm that any individual's personal information was actually accessed, or viewed without permission, AOC is providing this notice out of an abundance of caution. They do not have any evidence of actual or attempted misuse of any individual's information as a result of this incident.
How will individuals know if they are affected by this incident? AOC is mailing notice letters to the individuals for whom they have valid mailing addresses whose protected information was contained within the affected email accounts and may have been accessed or acquired by an unauthorized actor. If an individual did not receive a letter but would like to know if they are affected, they may call the hotline listed below.