Greenbrier

Imperium Health Phishing Incident

Imperium Health Identifies and Addresses Phishing Incident
LOUISVILLE, KY (September 11, 2020) – Imperium Health Management, LLC (“Imperium”) assists physician practices in managing the care of Medicare beneficiaries. Imperium announced that it is addressing an incident that may have resulted in unauthorized access to patient information for some Medicare beneficiaries. To date, Imperium has found no evidence that any patient information was in fact viewed, accessed, or acquired.
On June 18, 2020, Imperium completed its investigation of an email phishing incident and determined that patient information in two Imperium employees’ email accounts may have been accessed by unauthorized parties. When Imperium learned of the phishing emails on April 23, 2020, Imperium immediately launched an investigation, disabled the employees’ email accounts, and provided them with new email accounts. A leading cyber security firm was hired to assist Imperium with the investigation. Through the investigation, Imperium determined that, on April 21 and April 24, 2020, two Imperium employees were victims of a phishing email scheme, which means that someone sent these employees fake emails designed to trick them into providing information. These employees clicked on malicious links in emails that appeared to be legitimate, and inadvertently disclosed their email account credentials to unauthorized parties. The investigation concluded that the unauthorized parties only had access to these two Imperium employees’ email accounts, and did not access any other Imperium information systems.
As a result of this incident, information about Medicare beneficiaries in the two Imperium employees’ email accounts may have been visible to the unauthorized parties, including patient names, addresses, dates of birth, medical record numbers, account numbers, health insurance information, Medicare numbers, Medicare Health Insurance Claim Numbers (HICNs) (which may contain Social Security numbers), and limited treatment and clinical information. To date, Imperium has found no evidence that any personal information was in fact viewed, accessed, or acquired.
On August 17, 2020, Imperium started mailing notification letters to patients whose information may have been involved in this incident. For those patients whose HICNs may be involved in this incident, Imperium is offering complimentary credit monitoring and identity protection services. Additional information is available at www.imperiumhealth.com, or by calling Imperium’s dedicated incident response line at 855-223-7519. The incident response line is open Monday – Friday, from 8:00 a.m. to 8:00 p.m., and Saturday – Sunday, 10:00 a.m. – 7:00 p.m., Central Daylight Time.
Imperium encourages patients to remain vigilant for incidents of fraud by monitoring their insurance and physician statements. If patients see services on these statements that they did not receive, they should contact their insurer or provider immediately.
Imperium deeply regrets any concern or inconvenience this incident may cause. Imperium has taken actions to help prevent a similar security incident in the future. These actions include re-educating employees on how to identify and avoid phishing emails and implementing additional security measures, including multifactor authentication for remote access to its systems and new protocols for the secure transfer of personal information.