K&B Surgical Center LLC Notifies Patients of Data Security Incident
K and B Surgical Center, LLC (“K&B”) has become aware of a data security incident that may have resulted in an unauthorized access to some of our patients’ sensitive personal information. While we are unaware of any misuse of personal information at this time, K&B sincerely regrets any inconvenience or concern that this matter may cause, and remains dedicated to ensuring the privacy and security of all information in our control.
On March 30, 2021, K&B discovered that an unauthorized user had gained access to its network. Upon discovery of this incident, K&B promptly engaged a specialized cybersecurity firm to conduct a forensic investigation to determine the nature and scope of the incident. On April 27, 2021, the forensic investigation determined that an unauthorized user accessed K&B’s systems from March 24, 2021 to March 30, 2021. Then K&B performed data mining on the affected servers to identify the specific individuals and the types of information that may have been compromised, and on July 27, 2021, K&B finalized the list of individuals to notify. At this time, K&B has no reason to believe any personal information has been misused by third parties.
What Information Was Involved?
The types of information involved varied by individual. However, the information potentially exposed during the unauthorized access may have included an individual’s name, date of birth, address, phone number, Social Security Number, driver’s license number, passport number, and protected health information, including, but not limited to, medical diagnosis, treatment and prescription information, provider name, patient ID, Medicare/Medicaid number, lab results, health insurance information, and treatment cost information.
What We Are Doing
K&B is committed to ensuring the privacy and security of all personal information in our care. Since the discovery of the incident, K&B have taken and will continue to take steps to mitigate the risk of future issues. Specifically, K&B engaged a specialized cybersecurity firm to conduct a forensic investigation to determine the nature and scope of the incident. K&B also changed passwords for all user accounts, VPN connections, and emails, installed new anti-virus security systems and threat monitoring programs on all computers, implemented periodic network security audits, re-trained employees on security, and updated the security rule risk analysis. Furthermore, for some of the patients, K&B has arranged for its patients to enroll in complimentary credit monitoring services through Equifax.
What You Can Do
K&B encourages all patients to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor credit reports for suspicious or unauthorized activity. Additionally, security experts suggest that individuals contact his/her financial institution and all major credit bureaus to inform them of such a breach and take the recommended steps to protect his/her interests, including the possible placement of a fraud alert on the credit file. For more information, please see the Additional Important Information below.
For More Information
K&B recognizes that our patients may have questions not addressed in this notice. For more information, please call 800-620-7091 (toll free) during the hours of 6 a.m. and 6 p.m. Pacific Standard Time, Monday through Friday (excluding U.S. national holidays).
K&B Surgical Center LLC
Sabrina Khalili, Marketing Manager
Additional Important Information
For residents of all states:
Fraud Alerts: You can place fraud alerts with the three credit bureaus by phone or online. A fraud alert tells creditors to follow certain procedures, including contacting you, before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit. As of September 21, 2018, initial fraud alerts last for one year. Victims of identity theft can also get an extended fraud alert for seven years.
P.O. Box 9554Allen, TX 750131-888-397-3742
P.O. Box 2000
Chester, PA 19016
P.O. Box 105069
Atlanta, GA 30348
Monitoring: You should always remain vigilant and monitor your accounts for suspicious or unusual activity.
Security Freeze: You also have the right to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans, and services from being approved in your name without your consent. To place a security freeze on your credit report, you need to make a request to each consumer reporting agency. You may make that request by certified mail, overnight mail, regular stamped mail, or by following the instructions found at the websites listed below. The following information must be included when requesting a security freeze (note that if you are requesting a credit report for your spouse or a minor under the age of 16, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue. As of September 21, 2018, it is free to place, lift, or remove a security freeze. You may also place a security freeze for children under the age of 16. You may obtain a free security freeze by contacting any one or more of the following national consumer reporting agencies:
P.O. Box 9554
Allen, TX 75013
P.O. Box 160
Woodlyn, PA 19094
P.O. Box 105788
Atlanta, GA 30348-5788
More information can also be obtained by contacting the Federal Trade Commission:
Federal Trade Commission – Consumer Response Center: 600 Pennsylvania Ave, NW, Washington, DC 20580; 1-877-IDTHEFT (438-4338); www.identitytheft.gov.
For residents of Hawaii, Michigan, Missouri, North Carolina, Vermont, Virginia, and Wyoming: It is recommended by state law that you remain vigilant for incidents of fraud and identity theft by reviewing credit card account statements and monitoring your credit report for unauthorized activity.
For residents of Colorado, Illinois, Iowa, Maryland, Missouri, New Mexico, North Carolina, Oregon, and West Virginia: It is required by state laws to inform you that you may obtain a copy of your credit report, free of charge, whether or not you suspect any unauthorized activity on your account. You may obtain a free copy of your credit report from each of the three nationwide credit reporting agencies. To order your free credit report, please visit www.annualcreditreport.com, or call toll-free at 1-877-322-8228. You can also order your annual free credit report by mailing a completed Annual Credit Report Request Form (available at https://www.consumer.ftc.gov/articles/0155-free-credit-reports) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281.
For residents of Iowa: State law advises you to report any suspected identity theft to law enforcement or to the Attorney General.
For residents of New Mexico: State law advises you to review personal account statements and credit reports, as applicable, to detect errors resulting from the security breach.
For residents of Massachusetts: It is required by state law that you are informed of your right to obtain a police report filed in regard to this incident. If you are the victim of identity theft, you also have the right to file a police report and obtain a copy of it.
For residents of Oregon: State law advises you to report any suspected identity theft to law enforcement, including the Attorney General, and the Federal Trade Commission.
For residents of Rhode Island: It is required by state law that you are informed of your right to file or obtain a police report in regard to this incident.
For residents of Arizona, Colorado, District of Columbia, Illinois, Maryland, New York, North Carolina, and Rhode Island: You can obtain information from the Offices of the Attorney General and the Federal Trade Commission about fraud alerts, security freezes, and steps you can take toward preventing identity theft.
Federal Trade Commission – Consumer Response Center: 600 Pennsylvania Ave, NW, Washington, DC 20580; 1-877-IDTHEFT (438-4338); www.identitytheft.gov
Arizona Office of the Attorney General Consumer Protection & Advocacy Section, 2005 North Central Avenue, Phoenix, AZ 85004 1-602-542-5025
Colorado Office of the Attorney General Consumer Protection 1300 Broadway, 9th Floor, Denver, CO 80203 1-720-508-6000 www.coag.gov
District of Columbia Office of the Attorney General – Office of Consumer Protection: 400 6th Street, NW, Washington, DC 20001; 202-727-3400; www.oag.dc.gov
Illinois office of the Attorney General – 100 West Randolph Street, Chicago, IL 60601; 1-866-999-5630; www.illinoisattorneygeneral.gov
Maryland Office of the Attorney General – Consumer Protection Division: 200 St. Paul Place, 16th floor, Baltimore, MD 21202; 1-888-743-0023; www.oag.state.md.us
New York Office of Attorney General – Consumer Frauds & Protection: The Capitol, Albany, NY 12224; 1-800-771-7755; https://ag.ny.gov/consumer-frauds/identity-theft
North Carolina Office of the Attorney General – Consumer Protection Division: 9001 Mail Service Center, Raleigh, NC 27699; 1-877-566-7226; www.ncdoj.com
Rhode Island Office of the Attorney General – Consumer Protection: 150 South Main St., Providence RI 02903; 1-401-274-4400; www.riag.ri.gov