Golden Heart Administrative Professionals - Data Security Breach
The Fairbanks North Star Borough (the "Borough") received notification from Golden Heart Administrative Professionals, Inc. (GHAP) that GHAP's computer system was subjected to a ransomware attack and that certain information within GHAP's system was compromised.
GHAP was the Borough's emergency medical services ("EMS") ambulance billing agency from 2012 through 2017. The Borough switched billing service providers in 2017.
GHAP's Description of the Incident: Based on the information provided to the Borough by GHAP, the Borough understands that GHAP was subject to a ransomware attack that resulted in the encryption of certain information maintained on its computer system. Upon discovery of the incident, GHAP retained a third-party IT and forensics firm to investigate the incident. According to GHAP, the forensic investigation determined that all information in the GHAP system was potentially compromised and subject to the unauthorized access and acquisition by an unknown third-party, including individuals' names, addresses, Social Security numbers, dates of birth, medical treatment and diagnosis codes and, in certain instances where payment was made by credit card, credit card information and other potentially sensitive information.
Date of Incident and GHAP's Notification to the Borough: GHAP reported that the ransomware attack occurred on April 14, 2018, and that the attack was discovered by GHAP on that same day. As described further, below, GHAP has taken steps to minimize the impact of the incident. GHAP provided an initial notification of the incident to the Borough in a letter, dated May 25, 2018. However, GHAP did not provide detailed information concerning the incident or who was affected until June 18, 2018.
Steps taken by GHAP and the Borough: The Borough has been advised by GHAP that GHAP is working with its technology service provider to mitigate any further potential damage as a result of this incident and to increase the security of its system to protect against future cyber-attacks. GHAP has advised us that it has notified law enforcement of the incident as well as the three major credit agencies (Equifax, Experian, and TransUnion). Additionally, the Borough has been advised by GHAP that it has replaced the affected computer hardware and installed updated computer software on its systems, is re-evaluating the security of its computer system and will provide updated training to its personnel. The Borough will continue to monitor GHAP's investigation and will work with the Borough's current ambulance billing provider to ensure that it has adequate administrative, technical and physical safeguards to protect personal information against similar future threats.
Affected individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves. In general, we recommend, as a precautionary measure, that patients remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. If individuals detect any suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained. They should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities, including the police and their state's attorney general.
The Borough apologizes for any inconvenience or concern that this incident might cause the affected individuals. Additional information is available via a confidential, toll-free inquiry line at 1-888-668-9006, between 5 a.m. and 5 p.m., Alaska Time, Monday through Friday.