Phoenix, Arizona – Ascend Healthcare Management LLC (“Ascend”) is writing to inform you of a recent data security incident that may have resulted in an unauthorized access of your sensitive personal information. While we are unaware of any fraudulent misuse of your personal information at this time, we are providing you with details about the incident, steps we are taking in response, and resources available to help you protect against the potential misuse of your information.
On August 25, 2023, Ascend received notice that its voicemail and messaging system may have been accessed by an unauthorized individual. Upon discovery of this incident, Ascend immediately reset credentials for access to this system and began an investigation to determine whether any personally identifiable information (“PII”) or personally identifiable health information (“PHI”) was impacted. After collecting logs and transcripts of messages recorded on the system, Ascend began data mining to determine if any PHI or PII was on the transcripts. Data mining was completed on December 27, 2023. Ascend then reviewed the results of data mining to determine if any PII or PHI was actually associated with an identifiable individual. Ascend completed its review of the data mining results and finalized the notice population list on January 22, 2024.
Although Ascend is unaware of any fraudulent misuse of information, it is possible that individuals’ full name, address, date of birth, medical information, and/or health information, may have been exposed as a result of this unauthorized activity.
As of this writing, Ascend has not received any reports of related identity theft since the date of the incident (August 25, 2023 to present). Ascend is committed to ensuring the security and privacy of all personal information in its control, and is taking steps to prevent a similar incident from occurring in the future. Upon discovery of the Incident, Ascend moved quickly to investigate and respond to the Incident, assessed the security of its systems, and notified the potentially affected individuals. Specifically, Ascend immediately reset credentials for access to this system and began an investigation to determine whether any PII or PHI resided on the impacted system. Additionally, Ascend adopted new encryption technologies; changed passwords; strengthened password requirements; created a new updated Security Rule Risk Management Plan; implemented new technical safeguards; implemented periodic technical and nontechnical evaluations; improved physical security; performed a new updated Security Rule Risk Analysis; provided business associate with additional training on HIPAA requirements; provided individuals with free credit monitoring; revised policies and procedures; sanctioned workforce members involved; trained and retrained workforce members; and took steps and will continue to take steps to mitigate the risk of future harm.
In light of the incident, we are also providing you with 18 months of complimentary credit monitoring and identity theft restoration services through TransUnion. While we are covering the cost of these services, you will need to complete the activation process by following the instructions below.
We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious or unauthorized activity. Additionally, security experts suggest that you contact your financial institution and all major credit bureaus to inform them of such a breach and then take whatever steps are recommended to protect your interests, including the possible placement of a fraud alert on your credit file. Please review the enclosed Steps You Can Take to Help Protect Your Information, to learn more about how to protect against the possibility of information misuse.
All impacted individuals will be notified via first class mail.
280232860v.1
If you have any questions or concerns not addressed in this letter, please call 1-800-405-6108 (toll free) Monday through Friday, during the hours of 8:00 a.m. and 8:00 p.m. Eastern Standard Time (excluding U.S. national holidays).
Ascend sincerely regrets any concern or inconvenience this matter may cause, and remains dedicated to ensuring the privacy and security of all information in our control.
Sincerely,
Shane Curtis
Shane Curtis
Chief Compliance and Risk Officer
Ascend Healthcare Management LLC