Important Info Re: Data Security Incident

May 11, 2020

Notice of Data Security Incident 


What Happened? 


On November 14, 2019, we learned that an outside entity sent phishing emails to certain of our employees soliciting their login information to our email system.  We immediately commenced an investigation and determined on February 24, 2020, that the entity appears to have been able to use employee credentials to gain unauthorized access from August 26, 2019 through January 7, 2020 to a small number of employee email accounts.  On April 22, 2020, our data review experts determined that protected health information belonging to some of our patients was contained within the impacted accounts and therefore was potentially accessed.  We have terminated the unauthorized access to our employee email accounts.  The access was limited to information that was contained in emails of the impacted employees and did not extend to patient databases.


What Information Was Involved?


The information stored in the affected email accounts varies by individual, but may include first and last name, addresses, date of birth, provider name, date of service, clinical information, treatment information, procedure type and in some cases social security numbers.  Our investigation has not found any evidence that this incident involves any unauthorized access to or use of any of MLHS’s information aside from the information contained within the accessed email accounts.


What We Are Doing?


We take the privacy of personal information seriously and deeply regret that this incident occurred.  We took steps to address this incident promptly after it was discovered, including initiating an investigation into this incident and working with an independent forensic investigation firm to assist us in the investigation of and response to this incident.  Additionally, we have reset all user account passwords and have implemented additional technology measures in order to help prevent this type of incident from reoccurring in the future.  MLHS has also reported this incident to law enforcement and will continue to cooperate with any investigation.


What You Can Do?


Notification letters are being sent to potentially impacted individuals on May 11, 2020.  The letters include information about this incident and about steps that potentially impacted individuals can take to monitor and help protect their personal information.  We have established a toll-free call center to answer questions about the incident and to address related concerns.  The call center can be reached at 1-833-979-2230, Monday through Friday from 8:00 am – 8:00 pm Central Time, Monday through Friday or go to  In addition, as a precaution, we are offering complementary credit monitoring services to those individuals whose information was potentially impacted. 


We deeply regret any inconvenience or concern this incident may cause. 


The following information is provided to help individuals wanting more information about steps that they can take to protect themselves:


What steps can I take to protect my private information?


  • If you detect suspicious activity on any of your accounts, you should promptly notify the financial institution or company with which the account is maintained.  You should also report any fraudulent activity or any suspected incidents of identity theft to law enforcement.


  • You may obtain a copy of your credit report at no cost from each of the three nationwide credit reporting agencies.  To do so, visit or call toll free at 1-877-322-8228.  Contact information for the three agencies appears at the bottom of this page. 
  • Notify your financial institution immediately of any unauthorized transactions made, or new accounts opened, in your name. 


  • You can take steps recommended by the Federal Trade Commission to protect yourself from identity theft.  The FTC’s website offers helpful information at


What should I do to protect myself from payment card/credit card fraud?


We suggest that you review your debit and credit card statements carefully in order to identify any unusual activity.  If you see anything that you do not understand or that looks suspicious, you should contact the issuer of the debit or credit card immediately. 


How do I obtain a copy of my credit report?


You can obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies once every twelve (12) months.  To do so, please visit or call toll free at 1-877-322-8228.  Contact information for the three agencies is included in the notification letter and is also listed at the bottom of this page. 


How do I put a fraud alert on my account?


You may consider placing a fraud alert on your credit report.  This fraud alert informs creditors of possible fraudulent activity within your report and requests that creditors contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact Equifax, Experian or TransUnion and follow the Fraud Victims instructions. To place a fraud alert on your credit accounts, contact your financial institution or credit provider. Contact information for the three nationwide credit reporting agencies is listed below. 


Contact information for the three nationwide credit reporting agencies is as follows:


            Equifax Security Freeze         Experian Security Freeze       TransUnion (FVAD)

            PO Box 105788                      PO Box 9554                          PO Box 2000

            Atlanta, GA 30348                 Allen, TX 75013                     Chester, PA 19022

            1-800-685-1111                      1-888-397-3742                      1-800-888-4213