Health Quest Urgent Care (“HQUC”) is a healthcare provider and maintains information related to those services. This notice relates to HQUC’s ongoing investigation of an incident that may have involved some patients’ information. This notice explains the incident, measures HQUC has taken and some steps that can be taken in response.
On April 2, 2019, through HQUC’s ongoing investigation of a phishing incident, HQUC determined an unauthorized party may have gained access to emails and attachments in several employee email accounts that may have contained patient information. HQUC first learned of a potential incident in July 2018, when several employees were deceived by a phishing scheme, which resulted in certain workforce members being tricked into inadvertently disclosing their email account credentials to an unauthorized party. Although these phishing emails appeared to be legitimate, they were sent by an unknown actor and were designed to have the recipients disclose their email account usernames and passwords. Upon learning of the incident, the employee email accounts in question were secured and a leading cybersecurity firm was engaged to assist us in our investigation. As part of the investigation, HQUC performed a comprehensive review of the contents of the email accounts in question to determine if they contained any sensitive information.
Through this ongoing review, on January 25, 2019, HQUC identified email attachments that contained certain health information, and on April 2, 2019, were determined to contain patient information, which may have included names, provider names, dates of treatment, treatment and diagnosis information, and health insurance claims information, related to services some patients received at HQUC between January 2018 and June 2018.
Although, to date, HQUC has no evidence that any information has been misused or was in fact viewed or accessed, HQUC began notifying the potentially affected individuals on May 31, 2019, and we have established a dedicated call center to answer any questions. If you believe you may be affected by this incident but did not receive a letter by June 10, 2019, please call, 1-800-277-0105, Monday through Friday, 9:00 a.m. to 6:30 p.m. EST.
HQUC regrets any inconvenience or concern this may cause you. To help prevent a similar incident from occurring in the future, HQUC is implementing multi-factor authentication for email and additional procedures to further expand and strengthen its security processes. HQUC is also providing additional training to its employees regarding phishing emails and other cybersecurity issues.