Submitting Request...

Notice of Incident

NOTICE OF IMPERIUM HEALTH MANAGEMENT, LLC DATA INCIDENT

Ogden Clinic recently learned of a data security incident experienced by Imperium Health Management, LLC (“Imperium”) that may have impacted the protected health information (“PHI”) of some of its patients.

What happened?

Ogden Clinic uses Imperium to manage the care of Medicare beneficiaries. On April 23, 2020, Imperium learned of suspicious activity associated with two corporate email accounts. In response, Imperium secured the email accounts and began an investigation. Imperium also hired a computer forensic firm to assist with the investigation. The forensic investigators determined that an unauthorized actor gained access to two Imperium employees’ email accounts for a limited period of time. On June 18, 2020, Imperium learned that health information was contained in the two email accounts and may have been visible to the unauthorized actor. To date, Imperium reports it has found no evidence that any personal information was in fact viewed, accessed, or acquired. Imperium notified Ogden Clinic of the incident on October 1, 2020.

What information was involved?

According to Imperium, their investigation concluded that the email accounts contained health information such as patient names, addresses, dates of birth, medical record numbers, account numbers, health insurance information, Medicare numbers, Medicare Health Insurance Claim Numbers (which may contain Social Security numbers), and limited treatment and clinical information.

What is Imperium doing?

Imperium reports that they have taken several corrective actions to remediate and prevent a further security incident, and to mitigate the effects of the security incident. According to Imperium, Imperium is educating employees on how to identify and avoid phishing emails and implementing additional security measures, including multi-factor authentication for remote access to its systems and new protocols for the secure transfer of personal information.

What is Ogden Clinic doing?

We take the privacy and security of personal information seriously. Letters were sent to all impacted patients and impacted individuals whose Medicare Health Insurance Claim Numbers (which may contain Social Security numbers) may be involved, can obtain, at no cost, credit monitoring and identity protection services.

Ogden Clinic is also reviewing contracts with third-parties and updating contracts where necessary to ensure that PHI is adequately protected.

What you can do.

As a best practice, we encourage our patients to review financial account statements and claims information from your health insurance provider, and to monitor credit reports for suspicious activity. Any suspicious activity should be reported to the proper law enforcement authorities.

For more information:

To verify and obtain additional information regarding whether your information was potentially affected by this incident, please call please call 1‐855-223-7519, toll‐free, Monday through Friday, 7:00 am – 7:00 pm, and Saturday through Sunday, 9:00 am – 6:00 pm, Mountain Time.

Individuals can also contact the Federal Trade Commission at 600 Pennsylvania Avenue NW, Washington, D.C. 20580, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261 or visit www.ftc.gov/idtheft/ for more information on protecting their identity. We apologize for any inconvenience this Imperium Health Management, LLC security incident may have caused.