Community Surgical Supply of Toms River (“CSS”) is committed to protecting the confidentiality and security of our customers’ information. Regrettably, this notice concerns an incident that may have involved some of that information.
On July 17, 2020, suspicious activity relating to an employee’s email account was identified. The account was immediately secured and a computer forensic firm was engaged to assist with the continued investigation. On August 6, 2020, the investigation determined that the employee’s email account had been subject to unauthorized access at some point prior to July 17, 2020, and that emails received by the email account between May 10, 2020 and July 17, 2020 had been forwarded to an unauthorized email address. The investigation was unable to determine whether the unauthorized person actually viewed any emails or attachments in the employee’s email account. Out of an abundance of caution, all emails and attachments contained in the email account were reviewed to identify customer information that may have been accessible without authorization. This review is ongoing. However, emails and/or attachments containing customer information, including names, dates of birth, medical record or patient account numbers, health insurance information, and/or limited treatment or clinical information, such as diagnoses, medication information, and/or provider information have been identified. In some instances, Social Security numbers and/or driver’s license numbers have also been identified in the account.
This incident has not affected all CSS customers, but only those whose information was contained in the affected email account.
There is no evidence that any customer information has been misused as a result of this incident, however, in an abundance of caution, letters have been mailed to customers whose information was identified in the account and for whom there was sufficient contact information. A dedicated, toll-free number has also been established to answer questions individuals may have about the incident. If you have questions, please call 1-888-222-1962; Monday through Friday, from 8:00 a.m. to 5:00 p.m. Eastern Time. Customers whose Social Security numbers were found in the email account are being offered complimentary credit monitoring and identity protection services. It is also recommended that affected customers review statements they receive from their healthcare providers or health insurers. If customers see charges for services they did not receive or transactions they do not recognize, please contact the provider or insurer immediately.
We regret any concern or inconvenience this incident may cause. We remain committed to protecting the confidentiality and security of customers’ information. To help prevent something like this from happening in the future, we have reinforced education with staff regarding how to identify and avoid suspicious emails and are making additional security enhancements to our email environment.