Allergy & Asthma Medical Group of the Bay Area, Inc. Notice of Data Privacy Incident
Berkeley, CA – Allergy & Asthma Medical Group of the Bay Area, Inc. (“AAMG”), provides medical services to patients. AAMG recently became aware of a privacy incident that potentially affects certain limited information of some patients who have received, or are currently receiving, services at its Berkeley location. While, to date, AAMG has no evidence of actual or attempted misuse of the information, in an abundance of caution, AAMG is providing notice of this event to potentially impacted individuals, as well as to certain state and federal regulators.
On April 28, 2020, AAMG discovered that its Berkeley physicians’ office was broken into during the evening of April 27, 2020. AAMG immediately initiated an investigation during which it learned that three laptops were stolen. These laptops were secured. Nevertheless AAMG took a conservative approach that the bad actor(s) may have gained access to them. Accordingly, AAMG’s investigation included identifying what information was present on the laptops and to whom that information related. AAMG learned that the following limited information relating to FeNo results was potentially viewable on the laptop: name, date of birth, AAMG ID number, physician name, and FeNo test results that included a graph of such results. AAMG confirmed that the laptops did not contain financial information, such as a Social Security Number, credit card number, insurance information, or medical records.
AAMG mailed notice letters on May 29, 2020 to potentially affected individuals. The notice includes an offer of access to twelve (12) months of identity theft monitoring services at no cost to the individual by contacting the AAMG’s Risk Management office. In addition, the notice encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor credit reports and explanation of benefits forms for suspicious activity and to detect errors. AAMG is recommending that potentially impacted individuals obtain a free credit report annually from each of the three major credit reporting bureaus by visiting www.annualcreditreport.com, calling 877-322-8228, or contacting the three major credit bureaus directly at: Equifax, P.O. Box 105069, Atlanta, GA, 30348, 1-800-685-1111, www.equifax.com; Experian, P.O. Box 2002, Allen, TX 75013, 888-397-3742, www.experian.com; TransUnion, P.O. Box 2000, Chester, PA 19016, 800-680- 7289, www.transunion.com. Potentially impacted individuals may also find information regarding identity theft, fraud alerts, security freezes and the steps they may take to protect their information by contacting the credit bureaus, the Federal Trade Commission or their state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should also be reported to law enforcement and the individual’s state Attorney General. AAMG has provided notice of this incident to the U.S. Department of Health and Human Services, as well as to required state regulators.
Information privacy and security are of the highest priority for AAMG. Upon learning of this incident, a thorough investigation was initiated, which is ongoing at this time. While strict security safeguards exist to protect patient information, AAMG’s response to this incident includes a reassessment of its systems and the technical, physical, and other safeguards present that are designed to protect those systems. In
addition, employee retraining is being conducted regarding AAMG’s security and privacy policies and procedures and on security and privacy generally. AAMG is also reviewing and assessing its security measures for potential enhancements.
Individuals seeking additional information regarding this incident may call 877-748-6500, Monday through Friday, 6:00 a.m. to 2:00 p.m. PT.