Questcare Medical Services announced Friday that it is addressing a security incident that involved the personal information of patients in the Dallas/Fort Worth/Arlington area.
Questcare said in a statement that it has begun an internal investigation, notified individuals who may have been affected and implemented additional security measures to prevent future occurrences.
On Feb. 13, Questcare determined an unauthorized third party obtained access to an employee’s email account. The account contained information including patients’ names and, in some instances, date of birth or age and limited clinical information. The information did not include patients’ Social Security numbers, credit card information or other sensitive financial information, Questcare said.
The company said it does not have any evidence that the information has been used inappropriately.
On April 12, Questcare sent written notification to all potentially affected patients for whom it has contact information, the company said. If individuals did not receive written notification but have received Emergency Department care from Questcare in the Dallas/Fort Worth/Arlington area or believe they could have been affected, they can request information by calling the confidential inquiry line at 1-855-821-6795 from 9 a.m. to 9 p.m. EDT Monday through Friday.
The company’s statement didn’t indicate how many patients may have been affected.
“Questcare takes the security of personal information and its systems very seriously,” the statement said. “The company is working with a leading forensic security firm to assist in the investigation. Questcare is also taking steps to prevent this type of incident from occurring in the future, including implementing Advanced Threat Protection and providing staff members with additional training and reminders about email and internet technology security.”
Individuals should refer to the notice they received in the mail to learn how they can protect themselves against potential fraud and identity theft, the company said.
“As a precautionary measure, individuals should remain vigilant about opening suspicious emails and reviewing their account statements and credit reports,” the statement said. “If unauthorized activity is suspected, they should promptly notify the financial institution or company with which the account is maintained and report the activity to the proper law enforcement authorities, including the police and the Texas attorney general.”
The Federal Trade Commission offers additional information on fraud alerts, security freezes and ways to avoid identity theft. These can be found by visiting www.ftc.gov/idtheft, calling 1-877-438-4338 or sending a letter to: Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580.