DUBLIN, Ohio, May 4, 2020 /PRNewswire/ -- Management and Network Services, LLC ("MNS") has become aware of a data security incident that may have involved the personal and protected health information belonging to patients of post-acute providers to which MNS provides services. MNS has sent notification to the potentially involved providers and individuals to notify them of this incident and provide resources to assist them.
MNS provides some administrative support services to post-acute providers, and in connection with providing these services, MNS may receive information belonging to providers' patients or individuals who were referred by, but did not receive services from, a provider. On or about August 21, 2019, MNS confirmed that several employee email accounts may have been accessed without authorization at various times between April and July of 2019. Five (5) of the impacted email accounts were believed to contain personal or protected health information. In immediate response, MNS took steps to ensure the security of its email system and began analyzing the email accounts to determine what information may have been affected. The analysis recently revealed that personal and protected health information for providers' patients and individuals referred to providers for treatment was contained in the affected email accounts.
There is no evidence of the misuse of any information potentially involved in this incident. However, on March 5, 2020, MNS provided notification about the incident to the post-acute providers whose patients may have been impacted. On May 4, 2020, MNS also notified the individuals potentially involved in the incident who did not receive direct-provider notification, and provided them information about the incident and steps they can take to protect their personal information.
Based on the investigation of the incident, the following personal and protected health information may have been involved in the incident: names, medical treatment information, diagnosis information or codes, medication information, dates of service, insurance providers, health insurance numbers, dates of birth and Social Security numbers. For a small number of individuals, affected information may also include Driver's License numbers, State Identification Card numbers, and financial account information.
MNS takes the security of patient information very seriously and has taken steps to prevent a similar event from occurring in the future, including strengthening and enhancing password policies organization-wide, and expanding the use of multi-factor authentication to all employees.
MNS has established a toll-free call center to answer questions about the incident and related concerns. The notification letters MNS sent to potentially affected individuals also include information about steps that individuals can take to protect their information. The call center is available Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time and can be reached at 1-866-377-0035.
The privacy and protection of personal and protected health information is a top priority for MNS, which deeply regrets any inconvenience or concern this incident may cause.
SOURCE Management and Network Services, LLC