Notice of Data Security Incident
Sincera Reproductive Medicine (“Sincera”), formerly Abington Reproductive Medicine, became aware of a security incident that occurred between August 10, 2020 and September 13, 2020. While there is currently no evidence that any personal information has been misused as a result of this incident, out of an abundance of caution, Sincera is providing information about the incident, our response to it, and resources available to you to better protect your information, should you feel it appropriate to do so.
What Happened? On September 11, 2020, we observed suspicious activity related to our internal IT systems. In response, we launched an immediate response and investigation of the incident with the assistance of third-party incident response and forensic specialists. We determined that an unauthorized actor had gained access to our systems and we removed that access on September 13, 2020. Additionally, we were able to establish that on August 10, 2020 the unauthorized actor gained access to our systems and may have exfiltrated certain patient data from our network between August 10, 2020 and September 13, 2020. We subsequently conducted a thorough and comprehensive assessment of information held on our systems that this actor may have had access to and to whom that information pertained. This included the detailed and labor intensive review of all potentially impacted records which we consolidated and analyzed. On April 22, 2021, we confirmed the specific information potentially impacted during this incident. Please note we are unaware of any potential misuse of data related to this incident, and we are providing this information in of an abundance of caution.
What Information Was Involved? While the information varied depending on the individual, Sincera’s investigation determined that at the time of the incident the impacted systems contained information including patient names, and depending on the individual, Social Security number, driver’s license, date of birth, medical treatment and/or medical diagnosis, treating/referring physician, prescription information, biometric information, health insurance information, and other treatment information.
What We Are Doing. The confidentiality, privacy, and security of your information is among our highest priorities, and we take this incident very seriously. In response to this incident, we moved swiftly to confirm the security of our internal systems and to prevent continued unauthorized access to our network. As part of our response to this event, we provided notice to the Federal Bureau of Investigation. Sincera is also providing complimentary credit monitoring to those individuals that were impacted by the event. We also provided the legally required notification of this incident to the United States Department of Health and Human Services and state regulators.
What You Can Do. We recommend potentially affected individuals remain vigilant for attempts to obtain sensitive information from them using social engineering. This is when someone requests you provide sensitive information such as bank account information or Social Security number by using information they may have about you in an attempt to make the request look legitimate. We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, review your Explanation of Benefits form, and to monitor your credit reports for suspicious activity for the next twelve (12) to twenty-four (24) months. We also encourage potentially affected individuals to review the below Steps You Can Take to Help Protect Your Information. There you will find general information on what potentially affected individuals can do to help protect their personal information.
If you have additional questions about this event, please call our dedicated assistance line at 1-855-654-0863 between the hours of 9 am – 9 pm ET Monday – Friday. You may also write to Sincera at Attn: Office Manager, 467 Pennsylvania Avenue, Suite 202B, Fort Washington, PA 19034.
Steps You Can Take to Help Protect Your Information
Monitor Your Accounts
Under U.S. law, a consumer is entitled to one free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also directly contact the three major credit reporting bureaus listed below to request a free copy of your credit report.
Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the three major credit reporting bureaus listed below.
As an alternative to a fraud alert, consumers have the right to place a “credit freeze” on a credit report, which will prohibit a credit bureau from releasing information in the credit report without the consumer’s express authorization. The credit freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a credit freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a credit freeze on your credit report. To request a security freeze, you will need to provide the following information:
- Full name (including middle initial as well as Jr., Sr., II, III, etc.);
- Social Security number;
- Date of birth;
- Addresses for the prior two to five years;
- Proof of current address, such as a current utility bill or telephone bill;
- A legible photocopy of a government-issued identification card (state driver’s license or ID card, military identification, etc.); and
- A copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft if you are a victim of identity theft.
Should you wish to place a fraud alert or credit freeze, please contact the three major credit reporting bureaus listed below:
Equifax Fraud Alert, P.O. Box 105069 Atlanta, GA 30348-5069
Equifax Credit Freeze, P.O. Box 105788 Atlanta, GA 30348-5788
Experian Fraud Alert, P.O. Box 9554, Allen, TX 75013
Experian Credit Freeze, P.O. Box 9554, Allen, TX 75013
TransUnion Fraud Alert, P.O. Box 2000, Chester, PA 19016
TransUnion Credit Freeze, P.O. Box 160, Woodlyn, PA 19094
You may further educate yourself regarding identity theft, fraud alerts, credit freezes, and the steps you can take to protect your personal information by contacting the consumer reporting bureaus, the Federal Trade Commission, or your state Attorney General. The Federal Trade Commission may be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General. This notice has not been delayed by law enforcement.