HME Specialists, LLC Notifies of Data Security Incident
HME Specialists, LLC (“HME”) is committed to maintaining the privacy and security of the information that it maintains. HME recently notified individuals of a data security incident involving access to a limited number of HME email accounts by an unauthorized-party.
Upon learning of this issue, HME secured the accounts and commenced a prompt and thorough investigation. As part of its investigation, HME engaged external cybersecurity professionals experienced in handling these types of incidents. The investigation worked to identify what personal information, if any, might have been contained in the affected email accounts. After an extensive forensic investigation and comprehensive and time-consuming manual document review, HME discovered on March 11, 2021 that one or more of the email accounts accessed between June 24, 2020 and July 14, 2020 contained identifiable personal and/or protected health information. HME has no evidence to suggest that any data is misused or otherwise in the possession of someone it should not be. However, out of an abundance of caution, we are issuing notices to anyone whose information may have been contained in the accessed accounts.
The accessed email accounts contained the personal and protected health information of certain individuals, including their names, dates of birth, diagnosis and/or clinical treatment information, and, in a limited number of cases, Social Security numbers, driver’s license numbers, financial account information, credit card numbers, and usernames and passwords. This incident does not affect all clients of HME and not all information was included for all individuals.
HME is sending notification letters to each affected individual for whom we have enough information to determine a physical address. Notified individuals have been provided with best practices to protect their information and have been reminded to remain vigilant in reviewing financial account statements on a regular basis for any fraudulent activity. It has also been recommended that affected individuals review the explanation of benefits statements that they receive from their health insurance providers and follow up on any items not recognized. Individuals whose Social Security numbers were contained in the impacted accounts have been offered complimentary credit monitoring for twelve months.
Since the date of this incident, HME has taken measures to improve its technical safeguards in order to minimize the risk of a similar incident in the future, including implementing additional technical safeguards on its email system, implementing multifactor authentication, and providing additional training to employees to increase awareness of the risks of malicious emails.
For further questions or additional information regarding this incident, or to determine if you may be impacted, HME has set up a dedicated toll-free response line for individuals to ask questions. The response line can be contacted at 855-654-0897 is available Monday through Friday, 7:00 a.m. to 7:00 p.m. Mountain Time.