Sunrise Community Health disclosed a data privacy event that might have affected some patients’ personal and medical information.
In the fall of 2019, Sunrise Community Health (“Sunshine”) learned of a data privacy incident through which an unauthorized party gained access to some of its employees’ email accounts.
The community health center subsequently launched an investigation into the incident. This effort revealed that the employees’ email accounts contained sensitive personal information of some of Sunshine’s patients at the time of the compromise, which took place between September 11, 2019 and November 22, 2019.
Those pieces of data included patients’ names, dates of birth, Sunrise patient ID, provider name, medical test results, health insurance information and diagnosis details.
Sunshine ultimately confirmed the full scope and nature of the incident with the help of a third-party digital forensics firm. Beyond working to strengthen the security measures of its systems, the community health center also revealed that it’s in the process of notifying affected individuals about the incident. As quoted in a statement published by PR Newswire:
Sunrise is notifying individuals whose information may have been present in the relevant emails and providing information and resources to assist individuals in helping to protect personal information, including complimentary access to one year of credit monitoring and identity theft restoration services through Kroll.
While they wait to hear from Sunshine Community Health, individuals who think that the data privacy incident might have affected them should consider taking some basic steps to defend against identity theft. They should specifically review their account statements and notify their payment card issuer if they spot any suspicious transactions. Additionally, they should consider protecting their credit files against identity thieves by placing a fraud alert or security freeze on their credit reports hosted by Experian, Equifax and TransUnion.