About the data privacy event

Loudoun Medical Group d/b/a Comprehensive Sleep Care Center (CSCC) recently learned of an incident that may affect the privacy of certain information.  Loudoun Medical Group d/b/a CSCC is providing notice of the event so potentially affected individuals may take steps to better protect their personal information, should they feel it appropriate to do so.

Frequently asked questions

What Happened?  On or around June 19, 2019, Loudoun Medical Group d/b/a CSCC became aware of suspicious activity related to an employee’s email account. We immediately commenced an investigation into the activity.  The investigation included working with third party forensic investigators to confirm the nature and scope of the incident.  On July 12, 2109, the forensic investigation confirmed that the employee fell victim to an email phishing scheme that allowed an unauthorized actor to gain access to the email account. The investigation also determined that it could not rule out access to data present in the account at the time of the unauthorized access.  While we have no evidence of actual or attempted misuse of information present in the email account, in an abundance of caution, we are currently undertaking a comprehensive review of the data present in the account to confirm what records may be present.

What Information Was Involved? The investigation in this matter is ongoing. Upon conclusion of this investigation, Loudoun Medical Group d/b/a CSCC will be taking steps to directly notify those individuals whose information was present within the relevant email account and provide detail on what specific information may be affected.

What is Loudoun Medical Group d/b/a CSCC Doing?  The security of personal information is one of our highest priorities and we take this incident very seriously.  Upon learning of this incident, we immediately took steps to ensure the security of our email environment and investigate the activity. Loudoun Medical Group d/b/a CSCC is working diligently to identify the individuals whose information may be present in the relevant email account and to provide them with further information regarding this incident.  We are also reviewing our existing policies and procedures and will be reporting this incident to relevant state and federal regulators, as required.

What You Can Do?  Loudoun Medical Group d/b/a CSCC encourages individuals to review and consider the information and resources outlined in the below “Privacy Safeguards.”

Privacy Safeguards

Monitor Your Accounts

Loudoun Medical Group d/b/a CSCC encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud by reviewing their accounts, explanations of benefits, and credit reports for suspicious activity, to detect errors.  You are encouraged to report any suspicious activity to the affiliated institutions immediately.  Under U.S. law, individuals with credit reports are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also contact the three major credit bureaus directly to request a free copy of your credit report.

You have the right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization.  The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent.  However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit.  Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report.  Should you wish to place a security freeze, please contact the major consumer reporting agencies listed below:

Experian

PO Box 9554
Allen, TX 75013
1-888-397-3742
www.experian.com/freeze/center.html

TransUnion

P.O. Box 2000
Chester, PA 19016
1-888-909-8872
www.transunion.com/credit-freeze

Equifax

PO Box 105788
Atlanta, GA 30348-5788
1-800-685-1111
www.equifax.com/personal/credit-report-services

In order to request a security freeze, you will need to provide the following information:

  1. Your full name (including middle initial as well as Jr., Sr., II, III, etc.);
  2. Social Security number;
  3. Date of birth;
  4. If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years;
  5. Proof of current address, such as a current utility bill or telephone bill;
  6. A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.);
  7. If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft.

As an alternative to a security freeze, you have the right to place an initial or extended “fraud alert” on your file at no cost.  An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file.  Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit.  If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years.  Should you wish to place a fraud alert, please contact any one of the agencies listed below:

Experian

P.O. Box 2002
Allen, TX 75013
1-888-397-3742
www.experian.com/fraud/center.html

TransUnion

P.O. Box 2000
Chester, PA 19016
1-800-680-7289
www.transunion.com/fraud-victim-resource/place-fraud-alert

Equifax

P.O. Box 105069
Atlanta, GA 30348
1-888-766-0008
www.equifax.com/personal/credit-report-services

You can further educate yourself regarding identity theft, fraud alerts, security freezes, and the steps you can take to protect yourself, by contacting the consumer reporting agencies, the Federal Trade Commission, or your state Attorney General. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud.  Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim.  Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General.  This notice has not been delayed by law enforcement.


Frequently Asked Questions

  1. WHAT HAPPENED?

On or around June 19, 2019, Loudoun Medical Group d/b/a Comprehensive Sleep Care Center (CSCC) became aware of suspicious activity related to an employee’s email account. We immediately commenced an investigation into the activity.  The investigation included working with third party forensic investigators to confirm the nature and scope of the incident.  On July 12, 2109, the forensic investigation confirmed that the employee fell victim to an email phishing scheme that allowed an unauthorized actor to gain access to the email account. The investigation also determined that it could not rule out access to data present in the account at the time of the unauthorized access.  While we have no evidence of actual or attempted misuse of information present in the email account, in an abundance of caution, we are currently undertaking a comprehensive review of the data present in the account to confirm what records may be present.

  1. WHAT DID LOUDOUN MEDICAL GROUP D/B/A CSCC DO WHEN THE INCIDENT WAS DISCOVERED?

Upon discovering this incident, we quickly took steps to secure the relevant email account and we are working with computer forensics experts to confirm the scope of this incident.  Loudoun Medical Group d/b/a CSCC is undertaking a comprehensive review of the information contained in the relevant email account to identify individuals impacted by this incident and will also be taking steps to notify potentially impacted individuals and regulators, as necessary.

  1. WILL I RECEIVE A LETTER REGARDING THIS INCIDENT?

We will be notifying individuals directly whose personal information was contained in the account at the time of the incident.

  1. WHAT INFORMATION IS AT RISK?

The investigation in this matter is still ongoing. Upon conclusion of this investigation, we will be taking steps to directly notify those individuals whose information is present within the relevant email account and provide detail on what specific information may be affected.

  1. WHY DID IT TAKE SO LONG TO NOTIFY ME?

We take the security of personal information in our care seriously.  Since learning of this incident, we have been working diligently, with the assistance of third-party forensic investigators, to determine what information may have been present in the account, to whom the information related, and contact information for those individuals.  This effort remains ongoing.

  1. How can I protect my information?

Loudoun Medical Group d/b/a CSCC encourages all individual who may be affected by this incident to remain vigilant and continue to monitor your statements and explanation of benefits for unusual activity or any charges you did not make.  You are encouraged to report any suspicious activity to the affiliated institutions immediately.

Under U.S. law, everyone is entitled to one free credit report annually from each of the three major credit bureaus.  To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.  You may also contact the three major credit bureaus directly to request a free copy of their credit report.

You have the right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization.  The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent.  However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit.  Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report.  Should you wish to place a security freeze, please contact the major consumer reporting agencies listed below:

Experian

PO Box 9554
Allen, TX 75013
1-888-397-3742
www.experian.com/freeze

TransUnion

P.O. Box 2000
Chester, PA 19016
1-888-909-8872
www.transunion.com/credit-freeze

Equifax

PO Box 105788
Atlanta, GA 30348-5788
1-800-685-1111
www.equifax.com/personal/credit-report-services

As an alternative to a security freeze, you have the right to place an initial or extended “fraud alert” on your file at no cost.  An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file.  Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit.  If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years.  Should you wish to place a fraud alert, please contact any one of the agencies listed below:

Experian

P.O. Box 2002
Allen, TX 75013
1-888-397-3742
www.experian.com/fraud/center.html

TransUnion

P.O. Box 2000
Chester, PA 19106
1-800-680-7289
www.transunion.com/fraud-victim-resource/place-fraud-alert

Equifax

P.O. Box 105069
Atlanta, GA 30348
1-888-766-0008
www.equifax.com/personal/credit-report-services

To further educate yourself regarding identity theft, fraud alerts, and the steps you can take to protect yourself contact the Federal Trade Commission or your state Attorney General.  Instances of known or suspected identity theft should also be reported to law enforcement.

  1. WHAT IS THE PURPOSE OF A “FRAUD ALERT”?

An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file at no cost to the consumer.  Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit.  If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years.  Should you wish to place a fraud alert, please contact any one of the agencies listed below:

Experian

P.O. Box 2002
Allen, TX 75013
1-888-397-3742
www.experian.com/fraud/center.html

TransUnion

P.O. Box 2000
Chester, PA 19106
1-800-680-7289
www.transunion.com/fraud-victim-resource/place-fraud-alert

Equifax

P.O. Box 105069
Atlanta, GA 30348
1-888-766-0008
www.equifax.com/personal/credit-report-services

  1. WHAT IS THE PURPOSE OF A “SECURITY FREEZE”?

 

A security freeze will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization.  The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent.  However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit.  Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report.  Should you wish to place a security freeze, please contact the major consumer reporting agencies:

Experian

PO Box 9554
Allen, TX 75013
1-888-397-3742
www.experian.com/freeze/center.html

TransUnion

P.O. Box 2000
Chester, PA 19016
1-888-909-8872
www.transunion.com/credit-freeze

Equifax

PO Box 105788
Atlanta, GA 30348-5788
1-800-685-1111
www.equifax.com/personal/credit-report-services

  1. IF I THINK I MAY BE THE VICTIM OF FRAUD, WHAT SHOULD I DO?

 If you believe you are a victim of attempted or actual identity theft or fraud, we encourage you to take the following steps:

  • Contact ID Experts to utilize the restoration services we are offering, at no cost to you.
  • Contact appropriate financial institutions to protect or close any accounts that have been tampered with or opened fraudulently.
  • Contact the credit reporting agencies to place a “fraud alert” or “security freeze” on your credit reports.
  • File a police report and ask for a copy for your records.
  • File a complaint with the Federal Trade Commission.
  • File a complaint with your state Attorney General.
  • Keep good records.
    • Keep notes of anyone you talk to regarding this incident, what he/she told you, and the date of the conversation;
    • Keep originals of all correspondence and forms relating to the suspicious or fraudulent activity, identity theft, or fraud; and,
    • Retain originals of supporting documentation, such as police reports and letters to and from creditors.  When requested to produce supporting documentation, send copies.
  • Keep old files, even if you believe the problem is resolved.
  1. WHAT PROTECTION IS LOUDOUN MEDICAL GROUP D/B/A CSCC OFFERING TO AFFECTED INDIVIDUALS?

 Individuals who may be affected by this incident will receive a notification that includes information and resources the individual may use to protect their personal information.

  1. SHOULD I REPORT THIS TO LAW ENFORCEMENT?

 If you believe you are or may be the victim of identity theft or fraud, we encourage you to file a report with law enforcement.

  1. HAS IDENTITY THEFT OCCURRED AS A RESULT OF THIS INCIDENT?

We have not received any reports of identity theft as a result of this incident.  We encourage those individuals potentially impacted by this incident to protect against theft and fraud by:

  • Monitoring your financial statements carefully.  If you see any unauthorized or suspicious activity, promptly contact your bank, credit union, or credit card company.
  • Monitoring your credit reports for suspicious or unauthorized activity.  Under U.S. law you are entitled to one free credit report annually from each of the three major credit reporting bureaus.  To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.  You may also contact the three major credit bureaus directly to request a free copy of your credit report.
  • Placing a fraud alert on your credit file.  You have the right to place an initial or extended “fraud alert” on your file at no cost.  An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file.  Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit.  If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years.  Contact the three major credit bureaus directly to place a fraud alert on your credit file.
  • Placing a security freeze on your credit file.  A security freeze will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization.  The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent.  However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit.  Pursuant to federal law, you cannot be charged to place or lift a security freeze on your credit report.  Contact the three major credit bureaus directly to place a security freeze on your credit file.
  • Contacting the Federal Trade Commission and your state Attorney General to learn more about identity theft, fraud alerts, security freezes, and other steps you can take to protect yourself.  The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580, www.identitytheft.gov, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261.
  • Reporting incidents of suspected or actual identity theft or fraud to law enforcement, the Federal Trade Commission, and your state Attorney General.
  1. Am I Affected By This incident?

While Loudoun Medical Group d/b/a CSCC has no evidence of actual or attempted misuse of information present in the relevant email account, in an abundance of caution, we are currently undertaking a comprehensive review of the data present in that account to confirm what records may be present.  Upon conclusion of this investigation, Loudoun Medical Group d/b/a CSCC will be taking steps to directly notify those individuals whose information was present within the relevant email account and provide detail on what specific information may be affected.