Emeryville, California, April 29, 2022 – Salusive Health, Inc., doing business as myNurse, has announced a data security incident involving personal information relating to the patients it supports.
On March 7, 2022, the company discovered unauthorized activity on its systems. In response, it immediately began containment, mitigation, and restoration efforts to terminate the activity and to secure its network, systems, and data. In addition, it retained independent cybersecurity experts to conduct a forensic investigation into the incident and assist it in determining what happened. Based on the initial investigation the company believes the breach began on March 3, 2022 and concluded on March 7, 2022.
The forensic investigation revealed that an unknown party had access to certain systems on its network. Based on that information, it worked diligently to identify the potentially affected files and their contents. Upon review, it determined that the potentially impacted files contained some information relating to certain patients. Accordingly, it took steps to identify the information involved, the affected individuals, their current mailing address, and their relationship with its partner organizations, if any, in order to provide the requisite notification.
The types of protected health information potentially involved may include demographic information (i.e., first and last name, gender, home address, phone number, email address, and date of birth); clinical information (i.e., medical history/diagnosis/treatment, dates of service, lab test results, prescription information, provider name, medical account number, or anything similar in a medical file and/or record); and financial information (i.e., health insurance policy and group plan number, group plan provider, claim information), and a single individual’s Social Security Number. It is important to note that, at this time the company has no evidence that information has been shared, posted, or misused as a result of this incident.
On April 29, the company provided notification to affected individuals. Individuals who receive a notification letter pertaining to this matter should review the steps outlined in the letter to protect their personal information. These steps may include reviewing account statements, obtaining copies of credit reports, placing fraud alerts on credit reports, and placing security freezes on credit files. The company has established a toll-free call center to answer questions about the incident and to address any concerns. Call center representatives are available Monday through Friday from 6 am – 6 pm Pacific Time and can be reached at 1-800-939-4170.
The company has implemented additional measures to enhance the security of its digital environment in an effort to minimize the likelihood of a similar event from occurring in the future. Furthermore, it reported the incident to law enforcement agencies, including the Federal Bureau of Investigation (FBI), and it is committed to assisting the FBI with their investigation into the matter.
The privacy and security of its patient information is a top priority for myNurse. The company takes this incident very seriously and it regrets any worry or inconvenience this may cause.
Media Contact: firstname.lastname@example.org