Epilepsy Foundation Data Breach Exposes Sensitive Patient Info

What Happened?

The Epilepsy Foundation of Metro New York recently experienced a significant data security incident. On an unspecified date, the organization detected a cyberattack within their network environment, resulting in the encryption of certain systems. This unauthorized access led to the potential acquisition of sensitive files.

The breach was identified when the Epilepsy Foundation's electronic health records system was found to be compromised. Although the electronic health records database remained unaffected, other critical files and folders within the network were accessed and/or acquired by an unauthorized party. A comprehensive manual review of the affected data commenced, and on October 12, 2023, it was concluded that personal information might have been involved in the breach.

The types of consumer information exposed include highly sensitive data such as Date of Birth, Social Security Number, Account Number, Medicare ID, Medicaid ID, Diagnosis Code, Treatment Location, Procedure Type, Provider Name, Treatment Cost, Medical Date of Service, Billing/Claim Information, and Health Insurance Information.

In response to this incident, the Epilepsy Foundation took immediate action to secure the affected systems and launched an investigation with the help of third-party cybersecurity experts. They have also taken steps to notify affected individuals and provide them with resources to protect their identities, including offering Single Bureau Credit Monitoring services for 24 months at no charge.

For those seeking more information or who have further questions, the Epilepsy Foundation has established a dedicated and confidential toll-free response line. This line is staffed with professionals who are well-informed about the incident and can offer guidance on how to protect against misuse of information. The response line will be available for 90 days following the date of the notification letter.

The Epilepsy Foundation has expressed its regret for the incident and reassures the public that they are committed to the privacy of personal information, continuously enhancing their security measures to prevent such breaches in the future.

To learn more about the breach and the steps you can take to protect yourself, you can view the full notice on the Massachusetts Attorney General's website.

If you believe you have been affected by this breach, it is crucial to remain vigilant by monitoring your financial account statements and credit reports for any unusual activity. You should consider placing a fraud alert or a security freeze on your credit files, and you may also want to obtain a free credit report as part of your regular financial review process. For additional protection, you can enroll in the credit monitoring services provided by the Epilepsy Foundation through Cyberscout, a TransUnion company.

Remember, taking proactive steps to protect your personal information can significantly reduce the risk of identity theft and financial fraud. Stay informed, stay secure, and take action when necessary.