Notice of Cyber Security Incident

Recently, Kenosha Community Health Center, Inc. (“KCHC”) experienced a data security incident (“Incident”). At this time, we have no evidence that any information has been misused. However, out of an abundance of caution, we are alerting you that the incident occurred and created the potential for disclosure of some protected health information (“PHI”) and personally identifiable information (“PII”).

What Happened:
Early in the morning on August 31, 2021, KCHC personnel discovered spam emails being sent from a single employee’s email that contained information relating to one of KCHC’s treatment programs. The email was immediately disabled, and we engaged an independent forensic expert to investigate the incident. The forensic expert completed their investigation on December 17, 2021, and determined that only the one email was impacted, and none of the Electronic Health Records (“EHR”) servers were affected. KCHC then engaged a third party to further review the files in the email inbox to determine whether any PHI was impacted. That review concluded on March 7, 2022.

What Information was Involved:
Only 2 individuals had Social Security Numbers impacted, and they have both been personally contacted. The remaining individuals had dates of birth, dates of past appointments, and prescription information potentially impacted. No drivers’ license numbers, credit card data, financial or banking account information was affected by this Incident. KCHC sent notice letters to all potentially impacted individuals.

What We Are Doing:
KCHC takes the security of your personal information very seriously and has taken steps to prevent a similar event from occurring in the future. In response to this incident, KCHC retrained its employees on ways to avoid phishing emails and demanded that its vendors stop sending PHI via emails.

What You Can Do:
If you believe your information was potentially impacted by this Incident, please review the enclosed “Additional Important Information” section. This section describes additional steps you can take, including recommendations by the Federal Trade Commission (“FTC”) regarding identity theft protection, and details on how to place a fraud alert or a security freeze on your credit file. Please continue to remain vigilant, and carefully monitor your mail and credit reports for any suspect activity, and report any incident of identity theft to your local law enforcement, Attorney General, and the FTC.

Please know that safeguarding your personal information is a top priority, and we sincerely regret any concern or inconvenience that this matter may cause to you. If you have any questions or would like to determine whether your information was potentially impacted, please do not hesitate to contact our dedicated call center at telephone number 1-800-405-6108, Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Time.