NOTICE OF DATA BREACH
UPDATED: January 3. 2023
Circles of Care, Inc. (“Circles of Care”) is committed to protecting the privacy and security of the personal information we maintain. We are making individuals aware of an incident that may affect the privacy of certain employee and patient health information. We are providing notice of the incident so that potentially affected individuals may take steps to protect their information, should they feel it appropriate to do so.
What Happened? On September 21, 2022, Circles of Care detected suspicious activity on our network. After discovering this, we quickly took steps to evaluate and ensure the security of our systems and operations. Further, we immediately engaged third-party independent cybersecurity experts to conduct an investigation into the incident.
On November 29, 2022, our investigation discovered, an unauthorized individual accessed our systems on or about September 6, 2022, and potentially obtained some information. To date, we are not aware of any reports of identity fraud or improper use of personal information as a direct result of this incident. Out of an abundance of caution, we are providing notice of the incident to individuals whose information was potentially impacted and explaining the services we are making available.
What Information Was Involved? The potentially impacted data included first and last name, date of birth, social security number, address, phone number, driver’s license number, bank routing and account numbers, medical account number, provider name, service dates, diagnosis, and medical procedure codes.
What Circles of Care Is Doing. The security and privacy of the information contained within our systems is a top priority for us. In response to this incident, we took immediate steps to secure our systems and engaged third-party forensic experts to assist in the investigation. Further, we are implementing additional cybersecurity safeguards, as needed, enhancing our employee cybersecurity training, and improving our cybersecurity policies, procedures, and protocols to help minimize the likelihood of this type of incident occurring again.
What You Can Do. We encourage potentially affected individuals to remain vigilant against incidents of identity theft and fraud by reviewing account statements and explanation of benefit forms. We also recommend monitoring your free credit reports to detect errors or identify suspicious activity. Individuals may also review and consider the information and resources outlined in the below “Other Important Information.”
For More Information. For individuals seeking more information or who have questions, please call the dedicated toll-free helpline at 1-800-660-9657. In addition, individuals seeking to contact Circles of Care directly may write to Information@circlesofcare.org or 400 E. Sheridan Rd., Melbourne, FL 32901.
– OTHER IMPORTANT INFORMATION –
Placing a Fraud Alert on Your Credit File.
We recommend that you place an initial one-year “Fraud Alert” on your credit files, at no charge. A fraud alert tells creditors to contact you personally before they open any new accounts. To place a fraud alert, call any one of the three major credit bureaus at the numbers listed below. As soon as one credit bureau confirms your fraud alert, they will notify the others.
Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348-5788
P.O. Box 9554
Allen, TX 75013
Fraud Victim Assistance Department
P.O. Box 2000
Chester, PA 19016-2000
Consider Placing a Security Freeze on Your Credit File.
If you are very concerned about becoming a victim of fraud or identity theft, you may request a “Security Freeze” be placed on your credit file, at no charge. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it
without your express authorization. You may place a security freeze on your credit report by contacting all three nationwide credit reporting companies at the numbers below and following the stated directions or by sending a request in writing, by mail, to all three credit reporting companies:
Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348-5788
TransUnion Security Freeze
P.O. Box 160
Woodlyn, PA 19094
In order to place the security freeze, you’ll need to supply your name, address, date of birth, Social Security number and other personal information. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or
password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.
If your personal information has been used to file a false tax return, to open an account or to attempt to open an account in your name or to commit fraud or other crimes against you, you may file a police report in the City in which you currently reside.
If you do place a security freeze prior to enrolling in any credit monitoring service, you will need to remove the freeze in order to sign up for the credit monitoring service. After you sign up for the credit monitoring service, you may refreeze your credit file.
Obtaining a Free Credit Report.
Under federal law, you are entitled to one free credit report every 12 months from each of the above three major nationwide credit reporting companies. Call 1-877-322-8228 or request your free credit reports online at www.annualcreditreport.com. Once you receive your credit reports, review them for discrepancies. Identify any accounts you did not open or inquiries from creditors that you did not authorize. Verify all information is correct. If you have questions or notice incorrect information, contact the credit reporting company.
Additional Helpful Resources.
Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Checking your credit report periodically can help you spot problems and address them quickly.
If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call your local law enforcement agency and file a police report. Be sure to obtain a copy of the police report, as many creditors will want the information it contains to absolve you of the fraudulent debts. You may also file a complaint with the FTC by contacting them on the web at www.ftc.gov/idtheft, by phone at 1-877-IDTHEFT (1-877-438-4338), or by mail at Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcement for their investigations. In addition, you may obtain information from the FTC about fraud alerts and security freezes.
Protecting Your Medical Information.
We have no evidence that your medical information involved in this incident was or will be used for any unintended purposes. However, the following practices can provide additional safeguards to protect against medical identity theft.
- Only share your health insurance cards with your health care providers and other family members who are covered under your insurance plan or who help you with your medical care.
- Review your “explanation of benefits statement” which you receive from your health insurance company. Follow up with your insurance company or care provider for any items you do not recognize. If necessary, contact the care provider on the explanation of benefits statement and ask for copies of medical records from the date of the potential access (noted above) to current date.
- Ask your insurance company for a current year-to-date report of all services paid for you as a beneficiary. Follow up with your insurance company or the care provider for any items you do not recognize.