In today’s digital age, the security of personal health information is paramount, especially when entrusting your care to healthcare professionals. Sports medicine doctors, like all medical practitioners, are committed to protecting patient data. Recently, Mississippi Sports Medicine and Orthopaedic Center (“MSMOC”), a provider of sports medicine and orthopaedic services, announced an update to a previous notice regarding a data security event. This article breaks down the MSMOC incident, explains what it means for patients, and outlines steps you can take to safeguard your information. Understanding these events is crucial for anyone seeking care from a sports medicine doctor or any healthcare provider.
Understanding the MSMOC Data Security Incident
On March 9, 2022, MSMOC detected suspicious activity within their computer network, including the unauthorized encryption of data. Immediate action was taken to secure their network and launch an investigation with cybersecurity experts. The investigation revealed that unauthorized access occurred between March 3 and March 9, 2022, potentially involving the viewing or theft of files. Furthermore, on March 11, 2022, it was discovered that some patient records were inaccessible after the system was restored from backups. MSMOC physicians and staff worked to restore and recreate patient records using available information.
A comprehensive review of the affected files was conducted to identify any sensitive information and the patients impacted. MSMOC has begun mailing letters to potentially affected individuals, detailing the specific information that may have been involved for each person. It’s important to note that not all patients were affected, and the type of information involved varied. If you received a letter, it’s crucial to carefully review the “What Information Was Involved?” section. Patients who believe they may be affected but did not receive a letter are advised to contact MSMOC’s assistance line for more information.
The inaccessible patient records are those created between February 28, 2022, and March 8, 2022. These records may include doctor’s and surgical notes, appointment records, X-ray, MRI, and surgical images, billing information, and prior authorization records.
The types of personal information potentially compromised due to unauthorized network activity include: names, Social Security numbers, addresses, phone numbers, email addresses, dates of birth, medical record numbers, health plan beneficiary numbers, signatures, and medical and clinical information, such as diagnoses, treatment histories, disability information, physician names, and health insurance details. This broad range of data underscores the sensitivity of information entrusted to healthcare providers, including sports medicine doctors and clinics.
MSMOC’s Response and Actions Taken
MSMOC emphasizes that they are taking this data security event with utmost seriousness. Upon discovery, they acted swiftly to restore operations and enhance system security. MSMOC is currently reviewing and updating their policies and procedures and implementing additional administrative and technical safeguards to strengthen data protection. Federal law enforcement and the U.S. Department of Health and Human Services have also been notified. These measures demonstrate a commitment to patient privacy and data security, essential aspects of trust in the relationship between patients and their sports medicine doctors or any healthcare provider.
Steps for Potentially Affected Individuals
Current and former MSMOC patients who may be affected are urged to be vigilant against identity theft. This includes regularly reviewing account statements and explanations of benefits for any unusual activity. Any suspicious activity should be promptly reported to your insurance company, healthcare provider, or financial institution. Further details and recommended steps are provided in the notification letters sent to affected individuals and outlined below. These precautions are relevant for anyone concerned about their health information privacy after receiving care from a sports medicine doctor or any medical facility.
Protecting Your Information: Recommended Actions
To help protect your personal information, consider the following steps:
Monitor Your Accounts:
Under U.S. law, you are entitled to a free credit report annually from each of the three major credit reporting bureaus: Equifax, Experian, and TransUnion. You can order your free reports by visiting www.annualcreditreport.com or calling 1-877-322-8228. You can also contact these bureaus directly to request your credit report.
Fraud Alerts:
You have the right to place a free “fraud alert” on your credit file. An initial fraud alert lasts for one year and requires businesses to verify your identity before extending new credit. If you are an identity theft victim, you can request an extended fraud alert lasting seven years. To place a fraud alert, contact any of the three major credit reporting bureaus.
Credit Freezes:
A “credit freeze” prohibits credit bureaus from releasing your credit information without your express authorization. This measure can prevent unauthorized credit, loans, and services from being approved in your name. However, be aware that a credit freeze may delay or interfere with the timely approval of new credit applications. Federal law prohibits charging fees to place or lift a credit freeze. To request a credit freeze, you will need to provide specific personal information, including:
- Full name (including middle initial and suffixes)
- Social Security number
- Date of birth
- Addresses for the past two to five years
- Proof of current address (e.g., utility bill)
- Legible copy of government-issued ID (e.g., driver’s license)
- If applicable, a copy of a police report or complaint related to identity theft
Contact Information for Credit Bureaus:
| EQUIFAX | EXPERIAN | TRANSUNION |
|---|---|---|
| https://www.equifax.com/personal/credit-report-services/ | https://www.experian.com/help/ | https://www.transunion.com/credit-help |
| 1.888.298.0045 | 1.888.397.3742 | 1.833.395.6938 |
| Equifax Fraud Alert, P.O. Box 105069 Atlanta, GA 30348-5069 | Experian Fraud Alert, P.O. Box 9554, Allen, TX 75013 | TransUnion Fraud Alert, P.O. Box 2000, Chester, PA 19016 |
| Equifax Credit Freeze, P.O. Box 105788 Atlanta, GA 30348-5788 | Experian Credit Freeze, P.O. Box 9554, Allen, TX 75013 | TransUnion Credit Freeze, P.O. Box 160, Woodlyn, PA 19094 |
Additional Resources:
For further information on identity theft, fraud alerts, credit freezes, and protecting your personal information, you can contact:
- The consumer reporting bureaus listed above.
- The Federal Trade Commission (FTC): 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The FTC also encourages victims of identity theft to file a complaint.
- Your state Attorney General.
Reporting identity theft to law enforcement and your state Attorney General is also recommended.
State Attorney General Contact Information:
- Maryland Residents: 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; 1-410-528-8662 or 1-888-743-0023; www.oag.state.md.us.
- New York Residents: Office of the Attorney General, The Capitol, Albany, NY 12224-0341; 1-800-771-7755; https://ag.ny.gov/.
- North Carolina Residents: 9001 Mail Service Center, Raleigh, NC 27699-9001; 1-877-566-7226 or 1-919-716-6000; www.ncdoj.gov.
Conclusion: Maintaining Trust in Sports Medicine and Healthcare
Data security is a critical aspect of modern healthcare. Incidents like the one experienced by MSMOC highlight the importance of robust security measures and patient vigilance. For patients of sports medicine doctors and all healthcare providers, understanding these risks and taking proactive steps to protect personal information is essential. By staying informed and utilizing available resources, patients can better safeguard their data and maintain confidence in the healthcare system. If you have further questions regarding the MSMOC data security event, please contact their assistance line at (800) 624-9168, 7:00am CT – 5:00pm CT, Monday through Friday, or write to MSMOC at 1325 East Fortification St., Jackson, MS 39202, Attn: Compliance Officer.
