Ogden Clinic recently learned of a data security incident experienced by Imperium Health Management, LLC (“Imperium”) that may have impacted the protected health information (“PHI”) of some of its patients.
Ogden Clinic uses Imperium to manage the care of Medicare beneficiaries. On April 23, 2020, Imperium learned of suspicious activity associated with two corporate email accounts. In response, Imperium secured the email accounts and began an investigation. Imperium also hired a computer forensic firm to assist with the investigation. The forensic investigators determined that an unauthorized actor gained access to two Imperium employees’ email accounts for a limited period of time. On June 18, 2020, Imperium learned that health information was contained in the two email accounts and may have been visible to the unauthorized actor. To date, Imperium reports it has found no evidence that any personal information was in fact viewed, accessed, or acquired. Imperium notified Ogden Clinic of the incident on October 1, 2020.
According to Imperium, their investigation concluded that the email accounts contained health information such as patient names, addresses, dates of birth, medical record numbers, account numbers, health insurance information, Medicare numbers, Medicare Health Insurance Claim Numbers (which may contain Social Security numbers), and limited treatment and clinical information.
Imperium reports that it has taken several corrective actions to remediate the security incident, mitigate its effects, and prevent a further incident. According to Imperium, it is educating employees on how to identify and avoid phishing emails and implementing additional security measures, including multi-factor authentication for remote access to its systems and new protocols for the secure transfer of personal information.
We take the privacy and security of personal information seriously. Letters were sent to all impacted patients, and impacted individuals whose Medicare Health Insurance Claim Numbers (which may contain Social Security numbers) may be involved can obtain, at no cost, credit monitoring and identity protection services.
Ogden Clinic is also reviewing contracts with third parties and updating contracts where necessary to ensure that PHI is adequately protected.
To verify and obtain additional information regarding whether your information was potentially affected by this incident, please call 1-855-223-7519, toll-free, Monday through Friday, 7:00 am – 7:00 pm, and Saturday through Sunday, 9:00 am – 6:00 pm, Mountain Time.
Individuals can also contact the Federal Trade Commission at 600 Pennsylvania Avenue NW, Washington, D.C. 20580, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261 or visit www.ftc.gov/idtheft/ for more information on protecting their identity. We apologize for any inconvenience this Imperium Health Management, LLC security incident may have caused.