Notice of Data Security Event

Valley Hope Association is notifying affected individuals of a data security event that may have affected the security of some of their information. We are unaware of any attempted or actual misuse of information relating to this data security event. We are providing notification of this incident to affected individuals so that they may take steps to protect their information should they feel it is appropriate to do so.

What happened? On December 30, 2015, a Valley Hope Association employee had her work-issued laptop stolen from her vehicle. The laptop was password protected. The theft of the laptop was discovered on December 30, 2015, and immediately reported to local law enforcement. This notice has not been delayed at the request of law enforcement. However, law enforcement is actively investigating this matter and Valley Hope Association is cooperating in the ongoing criminal investigation. To date, there have been no arrests relating to the theft nor has the laptop been recovered.

What information is involved? While investigations into this data security event are ongoing, we determined the security of some information relating to certain individuals affiliated with Valley Hope Association has been affected. The affected information includes an individual’s name combined with one or more of the following data elements: Social Security number, date of birth, address, treating physician name, treatment type, treatment location, patient/account number, diagnosis and clinical information, phone number, medical record number, disability code, driver’s license number/state identification number, username and password, tax identification number, health insurance information, financial information, and medication information.

What are we doing? Valley Hope Association takes the security of information within our care very seriously. The employee reported the theft to Valley Hope Association on December 30, 2015, and we immediately launched an investigation to determine the precise contents of the laptop at the time of the theft. We also disabled the laptop’s network connection capabilities, disabled the employee’s access credentials, and confirmed that our network systems were not accessed by the laptop since the employee’s last valid access before the laptop was stolen. To assist in our investigation, third-party forensics experts have been retained to confirm the nature and scope of this incident.

Notification. On or around February 26, 2016, we will begin mailing notice letters disclosing this incident to affected individuals for whom we have valid postal addresses. We will also disclose this incident to certain state and federal regulators.

Credit Monitoring. As the investigations continue, and out of an abundance of caution, we are offering affected individuals access to a one-year membership to credit monitoring and restoration services, at no cost to the affected individuals. Notification letters to affected individuals contain information on these services and enrollment instructions for the credit monitoring services.

What can you do? We encourage affected individuals to remain vigilant against incidents of identity theft and fraud and seek to protect against possible identity theft or other financial loss by regularly reviewing their financial account statements for any charges they did not make. We also encourage affected individuals to notify their financial institutions, and health care insurers of this data security event to seek advice regarding protecting their accounts. Affected individuals may also regularly review the explanation of benefits statement(s) that they receive from their health care provider or health plan. If you see any service that you believe you did not receive, you should contact your health care provider or health plan at the telephone number listed on the explanation of benefits statements. If you do not receive regular explanation of benefits statements, contact your health care provider or health plan and ask that they send you a copy after each visit you make to your health care provider.

We also suggest that affected individuals carefully review their credit reports. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit bureaus. To obtain a free credit report, you may visit www.annualcreditreport.com, or call, toll-free, (877) 322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of their credit report. When individuals receives their credit reports, they should be reviewed carefully. Individuals are encouraged to look for accounts they did not open as well as inquiries from creditors that they did not initiate. Also, individuals should look for personal information that is not accurate, such as home address or Social Security Number. If you are affected and see anything on the report that you do not understand, call the credit reporting agency at the telephone number on the report. If you find suspicious activity on your credit reports, call your local police or sheriff’s office and file a police report of identity theft. You should ask for a copy of the police report, as you may need to give copies of the police report to creditors to clear your records. Even if you do not find any signs of fraud on your reports, we recommend that you check your credit reports periodically.

At no charge, affected individuals can also have these credit bureaus place a “fraud alert” on their file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. Please note, however, that because it tells creditors to follow certain procedures to protect an individual’s credit, it may also delay the ability to obtain credit while the agency verifies the individual’s identity. As soon as one credit bureau confirms a fraud alert, the others are notified to place fraud alerts on an individual’s file. If you are affected and wish to place a fraud alert, or you have questions regarding your credit report, you can contact any one of the following agencies:

Equifax
P.O. Box 105069
Atlanta, GA 30348
800-525-6285
www.equifax.com

Experian
P.O. Box 2002
Allen, TX 75013
888-397-3742
www.experian.com

TransUnion
P.O. Box 2000
Chester, PA 19022-2000
800-680-7289
www.transunion.com

 

Affected individuals may also place a security freeze on their credit reports. A security freeze prohibits a credit bureau from releasing any information from a consumer’s credit report without the consumer’s written authorization. However, please be advised that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit mortgages, employment, housing or other services.

If an affected individual has been a victim of identity theft, and provides the credit bureau with a valid police report, he or she will not be charged to place, lift or remove a security freeze. In other cases, a credit bureau may charge a fee to place, temporarily lift, or permanently remove a security freeze. Individuals will need to place a security freeze separately with each of the three major credit bureaus listed above if you wish to place the freeze on all of their credit files.

For more information on how to place a security freeze, affected individuals may use the following contact information:

Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348
1-800-685-1111
(NY residents please call
1-800-349-9960)
www.equifax.com/help/credit-freeze/en_cp

Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
1-888-397-3742
www.experian.com/freeze/center.html

TransUnion Security Freeze
P.O. Box 2000
Chester, PA 19022-2000
1-888-909-8872
www.transunion.com/securityfreeze

Affected individuals can further educate themselves regarding identity theft, fraud alerts, security freezes, and the steps you can take to protect themselves, by contacting your state Attorney General or the Federal Trade Commission (FTC). The FTC also encourages those who discover that their information has been misused to file a complaint with them. The FTC can be reached at: 600 Pennsylvania Avenue, NW, Washington, DC 20580; www.ftc.gov/idtheft; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. If you are affected, you should also report known or suspected identity theft to your state Attorney General or local law enforcement. Your state Attorney General may have advice on preventing identity theft. You can also learn more about placing a fraud alert or security freeze on your credit files by contacting the FTC or your state Attorney General. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001, 1-919-716-6400, www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202, 1-888-743-0023, www.oag.state.md.us.

For more information. We have established a confidential, toll-free hotline to assist affected individuals with questions regarding the incident, the identity monitoring and protections services we are making available, and steps they may take to protect themselves against identity theft and fraud. The hotline is available Monday through Friday, 8:00 a.m. to 8:00 p.m. Central Time at (855) 904-5729. If you would like to confirm whether you are affected by this incident, you may call our hotline. A representation will take down your information and we will review our records to confirm if you are affected.