
Notice of Data Privacy Event

9th August 2019

Harbor Health Services, Inc. recently became aware of a data privacy event that may affect the security of the personal information of a limited number of patients who had an appointment at Harbor Community Health Center – Plymouth.

We take this incident very seriously and the confidentiality, privacy, and security of the information provided to us is one of our highest priorities.

What Happened?

Timeline

June 11, 2019 – Harbor Health discovered suspicious activity occurring within a Harbor Health Plymouth employee email account.  We immediately started an investigation into the nature and scope of the activity.

June 24, 2019 – Harbor Health’s third-party forensic investigators determined that on June 11, 2019 an unauthorized actor had accessed the employee email account for a period of approximately 40 minutes.

July 30, 2019 – The investigation confirmed that personal information relating to a limited number of patients who had an appointment at our Plymouth health center was contained in the email account.

Harbor Health is unable to determine which emails, if any, were viewed without authorization.

Because we are unable to rule out access to any particular email, we are reviewing the entire contents of the affected email account and will mail affected patients notification letters when the process is complete. 

While the review of the contents is ongoing, the types of information that were potentially accessible include patient names and appointment information such as time, date, provider name, and appointment type.

What Are We Doing in Response to this Incident? 

The security of our patients’ information is extremely important to us and we apologize for any difficulty and concern this incident may cause.

As part of our ongoing commitment to the security of the information in our care, we changed the employee’s email credentials and implemented additional security measures. We are also reviewing our existing policies and procedures to further enhance the security of our network.

We take this incident very seriously and are providing information below so that you can take the steps you feel are appropriate.

What Can I Do in Response to this Incident?

We encourage you to remain vigilant against incidents of identity theft and fraud.

As a best practice, if you receive a notice from us that your information was accessible, you should review your financial account statements, credit reports and explanation of benefits forms for suspicious activity.

If you see any unauthorized charges, promptly contact the bank or credit card company.  We also recommend reviewing your credit report for inquiries from companies that you have not contacted, accounts you did not open and debts on your accounts that you cannot explain.

Under U.S. law you are entitled to one free credit report annually from each of the three major credit reporting bureaus.  To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.  You may also contact the three major credit bureaus directly to request a free copy of your credit report.

You have the right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization.  The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent.  However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit.  Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report.  Should you wish to place a security freeze, please contact the major consumer reporting agencies listed below:

Experian
PO Box 9554
Allen, TX 75013
1-888-397-3742
www.experian.com

TransUnion
P.O. Box 2000
Chester, PA 19016
1-888-909-8872
www.transunion.com

Equifax
PO Box 105788
Atlanta, GA 30348-5788
1-800-685-1111
www.equifax.com

In order to request a security freeze, you will need to provide the following information:

  1. Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
  2. Social Security number;
  3. Date of birth;
  4. If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years;
  5. Proof of current address, such as a current utility bill or telephone bill;
  6. A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.);
  7. If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft.

The credit reporting agencies have one (1) to three (3) business days after receiving your request to place a security freeze on your credit file report, based upon the method of the request.  The credit bureaus must also send written confirmation to you within five (5) business days and provide you with the process by which you may remove the security freeze, including an authentication mechanism.

Upon receiving a direct request from you to remove a security freeze and upon receiving proper identification from you, the consumer reporting agency shall remove a security freeze within one (1) hour after receiving the request by telephone for removal or within three (3) business days after receiving the request by mail for removal.

As an alternative to a security freeze, you have the right to place an initial or extended “fraud alert” on your file at no cost.  An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file.  Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit.

If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years.  Should you wish to place a fraud alert, please contact any one of the agencies listed above.

Under Massachusetts law, you have the right to obtain any police report filed in regard to this incident.  If you are the victim of identity theft, you also have the right to file a police report and obtain a copy of it.

You can also further educate yourself regarding identity theft, fraud alerts, security freezes, and the steps you can take to protect yourself, by contacting the consumer reporting agencies, your state Attorney General, or the Federal Trade Commission (FTC).

The Federal Trade Commission can be reached at:

600 Pennsylvania Avenue NW
Washington, DC 20580

www.identitytheft.gov

1-877-ID-THEFT (877-438-4338)
TTY: 866-653-4261

The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them.  You can also obtain further information on how to file such a complaint by way of the contact information listed above.

For More Information

We understand that you may have questions about this incident that are not addressed in this notice. For more information regarding the event, please contact our dedicated call center at 1-800-939-4170, Monday through Friday, 9:00 am to 8:00 pm ET (excluding US holidays). You can also write to us at 1135 Morton Street, Mattapan, MA 02126.