Twelve Oaks takes seriously the confidentiality of our patients’ information and are notifying certain individuals of a recent security incident so they can take steps to protect that information.
On December 13, 2020, we identified unusual network activity. We immediately took steps to secure the network and began an investigation with the assistance of a computer forensic firm. The investigation determined that an unauthorized person gained access to our network and, on December 13, 2020, deployed malware and acquired copies of some of the documents on our systems.
On December 14, 2020, we learned that those documents contained personal information and therefore conducted a review of all documents involved to determine what information may have been affected. Through this review, we concluded that the affected documents contained some patients’ information, such as their names, addresses, dates of birth, Social Security numbers, and/or medical record numbers.
This incident did not involve all Twelve Oaks patients; but only those whose information was identified in the documents at issue.
Further, it is important to note that we have no indication that any of this information has been misused. However, beginning February 12, 2021, we are mailing notification letters to affected patients for whom we have a valid address. Affected individuals should refer to the notice they receive in the mail regarding the steps they can take to protect their information. We have also established a dedicated, toll-free call center for patients to call with questions, available at 1-800-853-0671, Monday through Friday, between 9 a.m. and 9 p.m. Eastern Time. As a best practice, it is always advisable for individuals to review statements received from their healthcare providers and health insurers. If individuals see any charges for services that they did not receive, they should call the provider or insurer immediately.
We are very sorry that this incident occurred and for any concern this may cause. We continually evaluate and modify our practices to enhance the security and privacy of the personal and protected health information in our possession. To help prevent something like this from happening again, we are continuing to regularly audit our systems for potential unauthorized activity and have implemented enhanced network monitoring tools.