CareMeridian notifies patients after disk goes missing in the mail
The following press release is basically identical to one provided yesterday by Georgia MENTOR. Neither Georgia MENTOR nor CareMeridian name the software provider who mailed them a disk with unencrypted documents that appears to have been lost in the mail.
CareMeridian, LLC is notifying individuals of a data security event that could potentially impact the security of certain personal information. Although we are unaware of any actual or attempted misuse of the information, we are providing potentially impacted individuals with information about the event, steps taken since discovering the event, and what can be done to protect against potential harm.
On December 21, 2017, CareMeridian discovered that an unencrypted disk sent by a third-party software provider containing documents that included sensitive information appeared to have been lost in the mail. We immediately launched an investigation to determine the nature and scope of this incident, the types of information involved and the individuals who may be affected. We retained a third-party expert to assist us with this investigation. Notably, we continue to have no evidence of actual or attempted misuse of information as a result of this incident.
What Information Was Involved
It was determined that with respect to CareMeridian the lost disk contained one or more of the following types of information: name and limited medical information, and, for 13 individuals, social security number.
CareMeridian is mailing notice letters to the affected individuals. We are also reporting this incident to U.S. Department of Health and Human Services and certain state regulators as required.
What Affected Individuals Can Do
CareMeridian is unaware of any actual or attempted misuse of the information, and emphasizes that it cannot confirm whether the information was actually accessed. Nevertheless, we encourage affected individuals to review financial statements, monitor credit reports, and report suspicious activity to the institution with whom the information is shared.
Any affected individual can learn more about this incident by calling CareMeridian directly at 888-818-8990.
CareMeridian takes seriously its responsibility to safeguard the confidentiality, privacy and security of information in our custody. We have security measures in place and are taking additional steps to enhance data security going forward. We regret that any information was put at risk.
Source: CareMeridian, LLC