Posted On May 11, 2022 Consumer Privacy & Data Breaches
May 11, 2022 – Recently, Oklahoma City Indian Clinic (“OKCIC”) reported a data breach after an unauthorized party was able to gain access to sensitive consumer information stored on the company’s computer servers. As a result of the breach, the names, dates of birth, medical information and Social Security numbers of certain individuals were compromised. On May 9, 2022, Oklahoma City Indian Clinic sent out data breach letters to those whose information was affected by the breach.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the OKCIC data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Oklahoma City Indian Clinic.
According to a notice posted on the clinic’s website, on March 10, 2022, Oklahoma City Indian Clinic learned of a data security incident affecting its computer system. Believing that the incident may have impacted consumer information in the clinic’s possession, OKCIC enlisted the assistance of a third-party forensic firm to investigate the incident. This investigation confirmed that an unauthorized party was able to access—and potentially retain—sensitive consumer information.
Upon learning of the unauthorized access, OKCIC then sought to identify whether any parties’ sensitive information was contained in the affected files. Subsequently, the clinic completed its review of the compromised files. While the breached information varies based on the individual, it may include your name, date of birth, treatment information, prescription information, medical record, physician information, health insurance policy number, phone number, Tribal ID number, Social Security number, driver’s license number. As many as 38,239 individuals are believed to have been impacted by the OKCIC breach.
On May 9, 2022, OKCIC issued data breach letters to those whose information was compromised in the breach.
Oklahoma City Indian Clinic is a 501(c)(3) nonprofit corporation focused on meeting the healthcare needs of urban American Indians living in central Oklahoma. Oklahoma City Indian Clinic is the clinic’s patient-facing name, although the entity’s legal name is Central Oklahoma American Indian Health Council, Inc. Oklahoma City Indian Clinic was established in 1974 and employs more than 274 people.
Below is the notice provided on the Oklahoma City Indian Clinic website (a direct link to the page can be found here):
On March 10, 2022, Oklahoma City Indian Clinic experienced a network disruption that impacted our ability to access certain files on our network. Upon discovery, we immediately secured our network and engaged a third-party forensic firm to investigate the incident. As part of a thorough investigation, we confirmed that certain information may have been accessed in connection with this incident. Although the forensic investigation could not rule out the possibility that an unknown actor may have accessed this information, there is no indication that any information has been misused at this time or will be in the future. However, we are notifying individuals with information contained within the network in an abundance of caution. The type of information contained within the affected data included individuals’ name, date of birth, treatment information, prescription information, medical record, physician information, health insurance policy number, phone number, Tribal ID number, Social Security number, driver’s license number.
Upon discovering this incident, we reset account passwords and implemented additional security measures to further protect information. We are also providing potentially impacted individuals with access to credit monitoring and identity protection services as an added precaution. If you have questions about this incident or would like to enroll in the credit monitoring and identity protection services, please call 1-833-909-4436, Monday through Friday (except U.S. holidays), from 8:00 a.m. to 8:00 p.m. CT. You may also write to us at 4913 W. Reno Ave, Oklahoma City, OK 73127.
In general, we encourage potentially impacted individuals to remain vigilant against incidents of identity theft and fraud by reviewing credit reports/account statements and explanation of benefits forms for suspicious activity and to detect errors. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus, TransUnion, Experian, and Equifax. To order your free credit report, visit www.annualcreditreport.com or call 1-877-322-8228.
Individuals have the right to place an initial or extended “fraud alert” on a credit file at no cost. If individuals are a victim of identity theft, they are entitled to an extended fraud alert lasting seven years. As an alternative to a fraud alert, they have the right to place a “credit freeze” on a credit report. The credit freeze is designed to prevent credit, loans, and services from being approved without consent. Pursuant to federal law, individuals cannot be charged to place or lift a credit freeze on your credit report.
Should individuals wish to place a fraud alert or credit freeze, please contact the three major credit reporting bureaus listed below:
Individuals can further educate themselves regarding identity theft, fraud alerts, credit freezes, and the steps to protect their personal information by contacting the credit reporting bureaus, the Federal Trade Commission (FTC), or their state Attorney General. The FTC also encourages those who discover that their information has been misused to file a complaint with them. The FTC may be reached at 600 Pennsylvania Ave. NW, Washington, D.C. 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should also be reported to law enforcement, the state Attorney General, and the FTC.
