About the data privacy event
On October 27, 2020, The Office of Kristina T. Nguyen, DDS, PC (“Dr. Nguyen”) was informed of potentially suspicious activity on its computer network. Dr. Nguyen took immediate steps to investigate the nature and scope of the incident. Dr. Nguyen’s investigation, with the assistance of third-party computer forensic specialists, is ongoing. Dr. Nguyen is issuing this statement to provide additional details regarding what is known about the incident and the further steps it will be taking in response.
Frequently Asked Questions
What Happened? On or about October 27, 2020, Dr. Nguyen employees discovered they were unable to access certain resources on their computer network and that certain files were also inaccessible. Dr. Nguyen began investigating the source of the issue. On October 30, 2020, Dr. Nguyen then determined that the files on its server had been encrypted by malware as the result of a cyber-attack. Dr. Nguyen is currently in the process of further investigating this incident with the assistance of third-party computer forensic specialists to determine if there was unauthorized access to files or folders on the impacted server, and that investigation is ongoing. However, the server on which suspicious activity was identified contained records related to Dr. Nguyen’s patients. Therefore, in an abundance of caution, Dr. Nguyen is notifying patients their information may have been at risk.
What Information Was Involved? The information contained on the server which may have been impacted by this incident varied by individual, but included name, Social Security number, health insurance information (including health insurance number), mailing address, treatment information, and diagnosis information. We have no evidence any information was subject to actual or attempted misuse.
What Nguyen Is Doing. Dr. Nguyen takes this incident and the security of personal information seriously. Upon discovery, Dr. Nguyen launched an investigation and took steps to secure its systems and investigate activity. Dr. Nguyen worked diligently to investigate and respond to this incident. Dr. Nguyen is also reviewing and enhancing existing policies, procedures, and processes related to storage of and access to personal information and will be reporting this incident to relevant state and federal regulators where required. Dr. Nguyen will be notifying potentially impacted individuals for whom it has address information so that they may take further steps to best protect their information, should they feel it is appropriate to do so.
What Can Affected Individuals Do? While Dr. Nguyen has no evidence that any personal information was subject to actual or attempted misuse, it encourages anyone who thinks their information may have been impacted to monitor financial accounts and explanation of benefits forms and notify their bank immediately if they detect unauthorized or unusual activity. Individuals can also review the below Steps You Can Take to Help Protect Your Information.
For more information. We understand some people may have additional questions concerning this incident. Individuals can direct questions to 703-288-3445, Monday through Friday 8:30am through 4:30pm.
Steps You Can Take to Help Protect Your Information
Dr. Nguyen apologizes for any inconvenience this may cause and remains committed to the privacy and security of all information it maintains.
Dr. Nguyen encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits forms, and to monitor credit reports for suspicious activity. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of their credit report.
Individuals have the right to place a “security freeze” on their credit report, which will prohibit a consumer reporting agency from releasing information in their credit report without express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without individuals’ consent. However, individuals should be aware that using a security freeze to take control over who gets access to the personal and financial information in their credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, individuals cannot be charged to place or lift a security freeze on your credit report. Should a person wish to place a security freeze, they may contact the major consumer reporting agencies listed below:
In order to request a security freeze, individuals will need to provide the following information:
- Full name (including middle initial as well as Jr., Sr., II, III, etc.);
- Social Security number;
- Date of birth;
- If you have moved in the past five (5) years, provide the addresses where you have lived over the prior five years;
- Proof of current address, such as a current utility bill or telephone bill;
- A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.);
- If you are a victim of identity theft, include a copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft.
To remove the security freeze, an individual must send a written request to each of the three credit bureaus by mail and include proper identification (name, address, and social security number) and the PIN number or password provided to them when they placed the security freeze. The credit bureaus have three (3) business days after receiving your request to remove the security freeze.
As an alternative to a security freeze, individuals have the right to place an initial or extended “fraud alert” on your file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If a person is a victim of identity theft, they are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should a person wish to place a fraud alert, they may contact any one of the agencies listed below:
P.O. Box 2002
Allen, TX 75013
P.O. Box 2000
Chester, PA 19016
P.O. Box 105069
Atlanta, GA 30348
The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue, NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should be reported to law enforcement, an individual’s Attorney General, and the FTC. Individuals can also further educate themselves about placing a fraud alert or security freeze on their credit file by contacting the FTC or their state’s Attorney General. This notice has not been delayed by a law enforcement investigation.