NOTICE OF TECHNOLOGY MANAGEMENT RESOURCES DATA BREACH
Intellirad Imaging, LLC (“Intellirad”) recently learned of a data security incident experienced by Technology Management Resources, Inc. (“TMR”) that may have impacted the protected health information (“PHI”) of some of its patients.
Intellirad has a lockbox service with IBERIABANK for collecting and processing payments from our patients. IBERIABANK uses Technology Management Resources, Inc. (“TMR”) as a third‐party lockbox service provider to process payments and capture pertinent payment data for items received in the lockbox. On July 3, 2020, TMR discovered that a TMR employee’s iRemit user account had been compromised. Intellirad was notified of this incident on August 21, 2020 and has been actively seeking information regarding the incident to be able to provide this notice.
Upon discovery of the incident, TMR reported that they secured the account and began an investigation in consultation with external cybersecurity professionals. TMR has stated that their investigation determined that the threat actor may have viewed images of checks and related images containing Intellirad patient PHI. According to TMR, the threat actor activity occurred between August 5, 2018 and May 31, 2020, with the bulk of the activity occurring between February and May 2020. TMR notified the FBI of this incident.
What information was involved?
According to TMR, their investigation concluded that the threat actor potentially viewed images within TMR’s iRemit application that may have contained patient names, addresses, Social Security numbers, bank account and routing number, diagnosis and treatment information, test results, health insurance information, and other information related to patient medical care.
What is TMR doing?
TMR reports that they have taken several corrective actions to remediate and prevent a further security incident, and to mitigate the effects of the security incident. According to TMR, TMR credentials have been reset or deactivated (as applicable). TMR also reports that they implemented additional rules in their firewall to more tightly control the ability to access the iRemit website from other countries, among other steps taken.
What is Intellirad doing?
We take the privacy and security of personal information seriously. Letters were sent to all impacted patients and impacted individuals can obtain, at no cost, credit monitoring and identity theft protection through CyberScout.
Intellirad is also reviewing contracts with third-parties and updating contracts where necessary to ensure that PHI is adequately protected.
What you can do.
Commented [A1]: Intellirad, please confirm. As a best practice, we encourage our patients to review financial account statements and claims information from your health insurance provider, and to monitor credit reports for suspicious activity. Any suspicious activity should be reported to the proper law enforcement authorities.
For more information:
To verify and obtain additional information regarding whether your information was potentially affected by this incident, please call please call 1‐888‐905‐0513, toll‐free, Monday through Friday, 9:00 am – 9:00 pm Eastern Time. Individuals can also contact the Federal Trade Commission at 600 Pennsylvania Avenue NW, Washington, D.C. 20580, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261 or visit www.ftc.gov/idtheft/ for more information on protecting their identity. We apologize for any inconvenience this Technology Management Resources security incident may have caused.