10980 Grantchester Way, 6th Floor Columbia, Maryland 21044 - 410-772-6606 PHONE - 410-772-6611 FAX MedStar Health medstarhealth.org
Office of Corporate Business Integrity
July 22, 2019
VIA CERTIFIED MAIL AND E-MAIL AT [email protected]
Office of the Attorney General Attn: Security Breach Notification 200 St. Paul Place Baltimore, MD 21202
Dear Attorney General Frosh,
MedStar Health, Inc. (MedStar) recognizes the importance of the privacy and confidentiality of the personal information provided by its employees. We regrettably report that on June 19, 2019, we learned that a MedStar supervisor of our Residency Program, inadvertently sent, via email, a document that included sensitive personal information of residents to a class of new intern physicians. As soon as the error was discovered, the supervisor immediately asked the recipients to securely delete the document from their email, including their document trash receptacle. The recipients have also been asked to sign an attestation confirming deletion of the email and that they have not further disclosed this information. The type of information disclosed included full names, dates of birth social security number and address of all current MedStar residents.
MedStar notified the affected residents via e-mail on July 10, 2019 using the attached notification letter and offered one year of complimentary credit monitoring and identity theft protection services through Experian.
MedStar has conducted a comprehensive review of our Residency Program communication procedures and is implementing procedural changes to help prevent this from happening again.
MedStar Health continues to take very seriously our role in safeguarding personal information and views the protection of individuals’ privacy as an essential component of our vision to be the Trusted Leader in Caring for People and Advancing Health and our mission to serve our community. If you have any questions or concerns regarding this matter, please do not hesitate to contact me at 703-558-1664 or at [email protected]
Sincerely,
~~ Mutanu Mutuvi-Thomas, Privacy Director MedStar Health, Inc.
Cc: Alicia Taylor, Supervisor, Residency Program, Internal Medicine Residency, MedStar Health, Inc. Theresa Schorr, Entity Compliance Officer, MedStar Health, Inc.
Knowledge and Compassion Focused on You
10980 Grantchester Way Columbia, MD 21044 - 410-772-6606 PHONE - 410-772-6611 FAX MedStar Health medstarhealth.org
Office of Corporate Business Integrity
July xx, 2019
Name -Address -
Dear XXXX,
At MedStar Health, Inc., we take very seriously the privacy and confidentiality of the personal information provided to us by our associates. Regrettably, we write to inform you about an incident involving some of that personal information.
On June 19th, 2019, we learned that a MedStar associate accidentally emailed a listing of current and previous Resident information containing your full name, date of birth, Social Security Number, and address to a list of current MedStar Residents. Two of the Residents notified us of the incident and we immediately requested that all Residents delete the email and the attachment.
We wanted to let you know about this incident as soon as we could. To help protect your identity, we are offering a complimentary one-year membership of Experian IdentityWorksSM Credit 3B. This product helps detect possible misuse of your personal information and provides you with superior identity protection support focused on immediate identification and resolution of identity theft. For more information on IdentityWorks and instructions on how to activate your complimentary one-year membership, please see the included instructions in this letter.
If you choose not to take advantage of this free credit monitoring service, we still recommend that you remain vigilant to the possibility of fraud and identity theft by reviewing your financial statements for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies.
To order your annual free credit report visit www.annualcreditreport.com or call toll free at 1- 877-322- 8228. Contact information for the three nationwide credit reporting companies is as follows: • Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
Knowledge and Compassion Focused on You
• Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9532, Allen, TX 75013 • TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790
If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Maryland Attorney General's Office. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You may also wish to contact your local law enforcement authorities and file a police report. If you do so, you may wish to obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission and Maryland Attorney General's Office are as follows: Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580 www.ftc.gov 1-877-438-4338 Office of the Attorney General 200 St. Paul Place Baltimore, MD 21202 www.oag.state.md.us 1-888-7 43-0023
We regret any inconvenience this may have caused you. We want to assure you that we are committed to the security of your personal information and are taking this matter very seriously. Accordingly, we have conducted a comprehensive review of our practices, policies and procedures and have implemented enhanced measures to prevent this from happening again. If you have any questions, or you need further assistance, please call me at 443-444- 4598 or contact me via e-mail at [email protected] or Alicia Taylor Supervisor, Residency Program, via phone at 410-554-2284 or email at [email protected].
Sincerely,
Teresa Schorr Entity Compliance Officer, MedStar Health
Cc: Mutanu M. Mutuvi-Thomas Privacy Director, MedStar Health