DOVER, Del., July 14, 2020 /PRNewswire/ -- Mid-Delaware Imaging ("MDI") announced today that it has taken action after becoming aware of a ransomware event in which an unknown third party encrypted its systems. MDI is providing notice of this event to potentially impacted individuals as well as certain regulators.
What Happened? On January 30, 2020, MDI became aware of unusual activity on its network. MDI conducted an immediate investigation and determined that the network was impacted by ransomware. Third-party forensic investigators were engaged to assist in the investigation to determine the nature and scope of the event and identify what personal information or protected health information may have been impacted by this incident.
MDI conducted a thorough and time-consuming review of its system to identify every individual whose sensitive information may have been accessible or unrecoverable during this event. In addition, the investigation determined that certain patient information may have been accessible to the unauthorized individual(s), or unrecoverable as a result of the ransomware attack during this event. As a result, MDI is notifying all potentially affected individuals in an abundance of caution.
What Information Was Involved? The investigation confirmed that the following types of information were accessible or unrecoverable: demographic information, date of birth, driver's license number, medical record information, including MRN and patient information, diagnostic and treatment information, lab reports, health insurance information, medical billing /financial information. The types of information at issue varies by individual.
What We Are Doing. MDI is committed to, and takes very seriously, its responsibility to protect all data and health information entrusted to us. As part of its ongoing commitment to the privacy of personal information in our care, MDI reviewed its existing policies and procedures, and is working to implement additional safeguards to further secure the information contained within its network. MDI notified the Federal Bureau of Investigation ("FBI") and is notifying regulatory authorities, as required by law.
For More Information. Individuals who may have questions about the incident, may contact our dedicated call center at 1- 855-917-3549 Monday through Friday from 9am - 9pm ET, or visit MDI's website at www.middelawareimaging.com.
What You Can Do. MDI encourages individuals to remain vigilant against incidents of identity theft and fraud, to review their account statements, and to monitor their credit reports for suspicious activity. Under U.S. law individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of their credit report.
Individuals have the right to place a "security freeze" on their credit report, which will prohibit a consumer reporting agency from releasing information in their credit report without an individual's expressed authorization. The security freeze is designed to prevent credit, loans, and services from being approved in an individual's name without their consent. However, individuals should be aware that using a security freeze to take control over who gets access to the personal and financial information in their credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or applications made regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, individuals cannot be charged to place or lift a security freeze on their credit report. Should individuals wish to place a security freeze, please contact the major consumer reporting agencies listed below:
PO Box 9554
P.O. Box 160
PO Box 105788
Allen, TX 75013
Woodlyn, PA 19094
Atlanta, GA 30348-5788
In order to request a security freeze, individuals will need to provide the following information:
As an alternative to a security freeze, individuals have the right to place an initial or extended "fraud alert" on their file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer's credit file. Upon seeing a fraud alert display on a consumer's credit file, a business is required to take steps to verify the consumer's identity before extending new credit. If an individual is a victim of identity theft, they are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should individuals wish to place a fraud alert, please contact any one of the agencies listed below:
P.O. Box 9554
P.O. Box 2000
P.O. Box 105069
Allen, TX 75013
Chester, PA 19016
Atlanta, GA 30348
Individuals can further educate themselves regarding identity theft, fraud alerts, security freezes, and the steps they can take to protect themselves by contacting the consumer reporting agencies, the Federal Trade Commission, or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. Individuals can obtain further information on how to file such a complaint by way of the contact information listed above. Individuals have the right to file a police report if they ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, individuals will likely need to provide some proof that they have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and individuals' state Attorney General. This notice has not been delayed by law enforcement.
SOURCE Mid-Delaware Imaging (MDI)