Nags Head, NC – The Outer Banks Hospital is providing notice of a recent data event that may have compromised the security of personal information relating to current and former patients who received treatment at the OBX Cardiopulmonary Rehabilitation program of Eastern Carolina Cardiovascular, P.A., located in Kitty Hawk, NC, from 2004 until June of 2016.
The Outer Banks Hospital recently acquired certain assets of the OBX Cardiopulmonary Rehabilitation program of Eastern Carolina Cardiovascular, P.A. We moved those assets on June 20-21, to The Outer Banks Hospital. On June 22, 2016, we discovered that two flash drives containing patient information went missing. We immediately began working diligently to investigate and to mitigate the potential impact of this incident to determine whether any sensitive information was affected.
While there is no indication the information has been misused, we determined that current and former patient information was located on one or both of the flash drives, and we are providing written notice to those individuals for whom we have contact information. The flash drives may have contained the following categories of information: Social Security number, emergency contact number, mental health information, insurance ID number, diagnosis, health history information, patient account number, medical record number, referring physician name, and demographic information.
“This is not consistent with our privacy practices, and we are truly sorry that it occurred,” said Ronnie Sloan, president of The Outer Banks Hospital. “Be assured that we do have policies and procedures in place to allow for appropriate action in response to the inappropriate use, access, or disclosure of our patient’s medical information, and that we have taken steps to address this matter.”
As part of The Outer Banks Hospital’s commitment to the security of personal information, third-party forensic investigators have been brought in to help investigate the incident and the hospital began notifying affected patients by mail on Tuesday, August 16, 2016. As the investigation into potentially affected patients continues, the hospital expects to identify and send letters to the remaining patients whose addresses are on file within the next few weeks. As an additional precaution, The Outer Banks Hospital is offering affected individuals access to one (1) year of free credit monitoring and identity theft restoration services.
The Outer Banks Hospital has established a dedicated assistance line for individuals to ask questions or learn additional information regarding this incident. Individuals can reach this assistance line by calling
1-866-775-4209. If you believe you may have been affected, but did not receive a letter, please contact this assistance line.
The Outer Banks Hospital encourages patients who believe they may be affected by this incident to remain vigilant by reviewing their account statements and monitoring free credit reports for suspicious activity. At no charge, an individual can also have these credit bureaus place a “fraud alert” on their file that alerts creditors to take additional steps to verify their identity prior to granting credit in their name. The contact information for the major consumer reporting agencies is below:
Individuals can obtain information about fraud alerts, preventing identify theft, and the steps they can take to protect themselves, by contacting the Federal Trade Commission or their state Attorney General. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh NC 27699-9001; (919) 716-6400; and www.ncdoj.gov. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.ftc.gov/idtheft; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261.
Patients of the OBX Cardiopulmonary Rehabilitation program of Eastern Carolina Cardiovascular, P.A., can find information about the steps to take if they believe their information may be affected at http://www.theouterbankshospital.com.