FORT WAYNE, Ind.--(BUSINESS WIRE)--On behalf of itself and its affected clients, NoMoreClipboard is writing to provide notice of a data security compromise that has affected the security of some protected health information relating to certain clients and individuals who have used a NoMoreClipboard personal health record or patient portal.
On May 26, 2015, we discovered suspicious activity in one of our servers. We immediately began an investigation to identify and remediate any identified security vulnerability. Our first priority is to safeguard the security of patient health information, and we are working with a team of third-party experts to investigate the attack and enhance data security and protection. This investigation is ongoing. On May 26, 2015, we also reported this incident to law enforcement including the FBI Cyber Squad. Law enforcement is actively investigating this matter, and we are cooperating fully with law enforcement’s investigation. The investigation indicates this is a sophisticated cyber attack.
While investigations into this incident are ongoing, we determined that the security of some protected health information contained in NoMoreClipboard accounts has been affected. The affected data relating to individuals who used a NoMoreClipboard portal/personal health record may include an individuals’ name, home address, username, hashed password, security question and answer, email address, date of birth, health information, and Social Security number. No financial or credit card information has been compromised, as we do not collect or store this information. Our forensic investigation indicates the unauthorized access to our network began on May 7, 2015. At this time we are working to quantify the number of patients affected by this incident.
We strongly encourage all NoMoreClipboard users to change their passwords. We also strongly encourage everyone to use different passwords for each of their various accounts. Do not use the same password twice. The next time a NoMoreClipboard user logs in, we will prompt a password change. As part of the password change process, users will be sent a 5 digit PIN code to either a cell phone, via an automated phone call, or to an email address already associated with the NoMoreClipboard account. Users will have to enter this 5 digit code to reset their password. We are also emailing NoMoreClipboard users to encourage this password change.
On June 2, 2015, we began contacting and mailing notice letters disclosing this incident to affected NoMoreClipboard clients.
Affected individuals for whom we have a valid postal address will also be notified of this incident through U.S. mail. The same information contained in the notice letter will also be available at www.NoMoreClipboard.com. We will also be disclosing this incident to certain state and federal regulators.
Identity protection services
As the investigations continue, and out of an abundance of caution, we are offering credit monitoring and identity protection services to affected individuals, free of charge, for the next 24 months.
We have established a toll-free call center to answer questions relating to this data security event and the support and services being provided.
Fraud prevention tips
We suggest that affected individuals remain vigilant and seek to protect against possible identity theft or other financial loss by reviewing account statements, notifying their credit card companies, healthcare providers, and insurers of the data compromise, and monitoring their credit reports. Affected individuals may also review Explanation of Benefits statements for irregularities. If an individual does not receive regular Explanation of Benefits statements, he or she can contact his or her health plan and request them to send such statements following the provision of services.
Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit bureaus. To obtain a free credit report, visit www.annualcreditreport.com or call, toll-free, (877) 322-8228.
At no charge, potentially affected individuals can also have these credit bureaus place a "fraud alert" on their files that alerts creditors to take additional steps to verify their identity prior to granting credit in their names. Please note, however, that because it tells creditors to follow certain procedures to protect the individual’s credit, it may also delay the ability to obtain credit while the agency verifies the individual’s identity. As soon as one credit bureau confirms an individual’s fraud alert, the others are notified to place fraud alerts on that individual’s file. Any individual wishing to place a fraud alert, or who has questions regarding their credit report, can contact any one of the following agencies: Equifax, P.O. Box 105069, Atlanta, GA 30348-5069, 800-525-6285, www.equifax.com; Experian, P.O. Box 2002, Allen, TX 75013, 888-397-3742, www.experian.com; or TransUnion, P.O. Box 2000, Chester, PA 19022-2000, 800-680-7289, www.transunion.com. Information regarding security freezes may also be obtained from these sources.
The Federal Trade Commission (FTC) also encourages those who discover that their information has been misused to file a complaint with them. To file a complaint with the FTC, or to obtain additional information on identity theft and the steps that can be taken to avoid identity theft, the FTC can be reached at: 600 Pennsylvania Avenue NW, Washington, D.C. 20580, or at www.ftc.gov/idtheft, or (877) ID-THEFT (877-438-4338); TTY: (866) 653-4261. This notice has not been delayed because of law enforcement; however, instances of known or suspected identity theft should be reported to law enforcement, the Attorney General in the individual’s state of residence, and the FTC. State Attorneys General may also have advice on preventing identity theft. Individuals can also learn more about placing a fraud alert or security freeze on their credit files by contacting the FTC or their state's Attorney General. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001, (919) 716-6400, www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202, (888) 743-0023, www.oag.state.md.us. For Kentucky residents, the Attorney General can be contacted at 700 Capitol Avenue, Suite 118, Frankfort, Kentucky 40601-3449, 502-696-5389, www.ag.ky.gov.
To better assist those who may potentially have been affected, we have established a confidential, toll-free hotline to answer questions. This hotline is available Monday through Friday, 9:00 a.m. to 9:00 p.m. E.T., and can be reached at (866) 328-1987. Affected individuals can also visit www.NoMoreClipboard.com for additional information and updates.
We take the security of health information very seriously and understand that such incidents cause real concern. We apologize sincerely and thank our customers for their continued loyalty and patience as we work through this challenge.