Notice of Data Security Incident
Asheville, North Carolina – September 20, 2024 – Asheville Arthritis notified certain individuals that their personal information may have been accessed as part of cybersecurity incident. Asheville Arthritis takes the privacy and security of information in its possession very seriously and sincerely apologizes for any inconvenience this incident may cause. This notice is intended to alert potentially impacted individuals of the incident, steps we are taking in response, and resources available to assist and protect individuals.
What Happened And What Information Was Involved On or around May 22, 2024, Asheville Arthritis detected that it was the target of a cybersecurity incident. Upon detecting this incident, we moved quickly to secure our network environment and launched a thorough investigation. The investigation was performed with the aid of independent IT security and forensic investigators to determine the scope and extent of the potential unauthorized access to our systems and any personal information contained within those systems.
Asheville Arthritis’s investigation indicates that files containing certain individual and health information may have been compromised by an unauthorized third party. Although we have found no evidence that your information has been specifically misused, it is possible that your name, address, date of birth, telephone number, social security number, and certain medical information such as medical notes, lab results, diagnosis, and health insurance information, to the extent that such existed on the network, could have been exposed.
Asheville Arthritis is providing written notice to all impacted individuals. Asheville Arthritis has no reason to believe that any individual’s information has been misused as a result of this event. As of this writing, Asheville Arthritis has not received any reports of misuse of information and/or related identity theft.
What We Are Doing Data security is one of our highest priorities. Upon detecting this incident, we moved quickly to initiate a response, which included conducting an investigation and ensuring the environment had been secured. We contacted law enforcement and retained cybersecurity forensic experts to help us ensure an attack like this does not happen again. Asheville Arthritis has also reported this incident to the Department of Health and Human Services Office for Civil Rights in accordance with HIPAA regulations.
The notification letter to the potentially impacted individuals includes steps that they can take to protect their information. In order to address any concerns and mitigate any exposure or risk of harm following this incident, Asheville Arthritis has arranged for complimentary credit monitoring services and identity theft protection services to all potentially impacted individuals at no cost to them. Asheville Arthritis recommends that individuals enroll in the services provided and follow the recommendations contained within the notification letter to ensure their information is protected.
For More Information For individuals seeking more information or questions about this incident, please call Asheville Arthritis’s dedicated toll-free helpline at 1-833-415-2590 on Monday through Friday between 8:00 am to 8:00 pm ET, excluding holidays.
Asheville Arthritis sincerely apologizes for any inconvenience this incident may cause to members of its community and remains dedicated to maintaining the security and protection of all patient information in its control.