Omni Family Health
Notice of Data Breach
Omni Family Health is informing individuals of a recent security incident involving personal information. Omni may maintain your information if you are a current or former employee or patient of Omni, or if you were referred to Omni for medical care. While we are unaware of any reports of fraud or identity theft as a result of this incident, we encourage individuals to read this notice carefully as it contains information regarding the incident and steps they can take to safeguard their personal information.
Please be assured all health centers remain open during normal business hours and our providers and staff continue to operate safely and securely.
What Happened?
On August 7, 2024, we became aware of claims that information was taken from our systems and posted on the dark web. The dark web is a hidden part of the internet that is not accessible through regular search engines like Google. Upon learning of these claims, we immediately initiated an investigation and engaged outside cybersecurity specialists to assist with our efforts. We also notified federal law enforcement.
Through the investigation, Omni determined the data posted on the dark web appeared to be related to Omni’s patients and employees. Consequently, we are notifying individuals whose information could be included in the posted data.
What Information Was Involved?
Although the information involved varies depending on the individual and their relationship with Omni Family Health, this section provides details regarding the personal information potentially affected by this incident.
1. Current or Former Patients: If you are a current or former patient of Omni, or were referred to Omni for medical care, the following types of information related to you were potentially involved in this incident: name, address, Social Security number, date of birth, health insurance plan information, and medical information.
2. Current or Former Employees: If you are a current or former employee of Omni, the following types of information related to you were potentially involved in this incident: name, address, Social Security number, date of birth, medical information, health insurance information and financial account information related to direct deposit. Additionally, if you provided Omni with information about your dependents and beneficiaries, their information might also be affected.
For further details and to access resources specifically available to your dependents and beneficiaries, please contact our dedicated call center. It’s possible that your dependents and beneficiaries will receive a separate letter. Please be assured that the letter is legitimate and relates to this incident, which we are notifying you about separately.
What Are We Doing?
The confidentiality, privacy, and security of information maintained by Omni remains our top priority. Upon becoming aware of the claims of information on the dark web, we moved quickly and diligently to investigate the claims, ensure the security of our systems, and identify whose information may be included in the dark web posting.
We strongly encourage you to review the steps outlined in this notice to protect your information and sign up for the services offered. Cybersecurity is an ongoing concern for everyone, as companies worldwide face cybersecurity threats. Individuals can better protect themselves by following the steps below.
What Can Individuals Do?
Although Omni is not aware of any claims that individuals have been victims of fraud as a result of this incident, we are encouraging individuals to take steps to protect their personal information. Additional information pertaining to resources are provided below.
- Review Your Accounts for Suspicious Activity. We encourage you to remain vigilant by regularly reviewing your accounts and monitoring credit reports for suspicious activity.
- Order a Credit Report. If you are a U.S. resident, you are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies. To order your free credit report, visit www.annualcreditreport.com or call toll-free at 1-877-322-8228. If you discover information on your credit report arising from a fraudulent transaction, you should request that the credit reporting agency delete that information from your credit report file. Contact information for the nationwide credit reporting agencies is provided in the next section.
- Contact the Federal Trade Commission, Law Enforcement and Credit Bureaus. You may contact the Federal Trade Commission (“FTC”), your state’s Attorney General’s office, or law enforcement, to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft. To learn more, you can go to the FTC’s websites at www.identitytheft.gov an; call the FTC at (877) IDTHEFT (438-4338); or write to: FTC Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
You may contact the nationwide credit reporting agencies at:
- Equifax: (800) 525-6285; P.O. Box 740241, Atlanta, Georgia, 30374; or www.equifax.com.
- Experian: (888) 397-3742; P.O. Box 9701, Allen, TX 75013; or www.experian.com.
- TransUnion: (800) 916-8800; Fraud Victim Assistance Division, P.O. Box 2000, Chester, PA 19022; or www.transunion.com.
- Additional Rights Under the FCRA. You have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in your credit file has been used against you, the right to know what is in your credit file, the right to ask for your credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to your file is limited; you must give your consent for credit reports to be provided to employers; you may limit “prescreened” offers of credit and insurance you get based on information in your credit report; and you may seek damages from violators. You may have additional rights under the Fair Credit Reporting Act not summarized here.
Identity theft victims and active-duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act. We encourage you to review your rights pursuant to the Fair Credit Reporting Act by: (i) visiting https://files.consumerfinance.gov/f/documents/bcfp_consumer-rights-summary_2018-09.pdf ; or (ii) by writing to Consumer Financial Protection Bureau, 1700 G Street, N.W., Washington, DC 20552.
- Request Fraud Alerts and Security Freezes. You may obtain additional information from the FTC and the credit reporting agencies about fraud alerts and security freezes. You can add a fraud alert to your credit report file to help protect your credit information. A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you, but it also may delay your ability to obtain credit. You may place a fraud alert in your file by calling just one of the three nationwide credit reporting agencies listed above. As soon as that agency processes your fraud alert, it will notify the other two agencies, which then must also place fraud alerts in your file.
In addition, you can contact the nationwide credit reporting agencies at the following numbers to place a security freeze at no cost to you:
- Equifax: (800) 349-9960
- Experian: (888) 397-3742
- TransUnion: (888) 909-8872
Placing a security freeze prohibits the agency from releasing any information about your credit report without your written authorization. Security freezes must be placed separately at each of the three nationwide credit reporting agencies. When requesting a security freeze, you may need to provide the following information:
- Your full name, with middle initial as well as Jr., Sr., II, etc.
- Social Security number
- Date of birth
- Current address and all addresses for the past two years
- Proof of current address, such as a current utility bill or telephone bill
- Legible copy of a government-issued identification card, such as a state driver’s license, state identification card, or military identification.
After receiving your request, each agency will send you a confirmation letter containing a unique PIN or password that you will need to lift or remove the freeze. You should keep the PIN or password in a safe place.
Other Important Information.
- For Iowa Residents. You may contact law enforcement or the Iowa Attorney General’s Office to report suspected incidents of identity theft: Office of the Attorney General of Iowa, Consumer Protection Division, Hoover State Office Building, 1305 East Walnut Street, Des Moines, IA 50319, www.iowaattorneygeneral.gov, Telephone: 515-281-5164.
- For Maryland Residents. You can obtain information about avoiding identity theft from the Maryland Attorney General at: Maryland Office of the Attorney General Consumer Protection Division, 200 St. Paul Place, Baltimore, MD 21202, (888) 743-0023 (toll-free in Maryland), (410) 576-6300, www.marylandattorneygeneral.gov.
- For Massachusetts Residents. You have the right to obtain a police report and request a security freeze (without any charge) as described above.
- For New York Residents. You can obtain information about security breach response, identity theft prevention, and identity protection information from the New York State Office of the Attorney General at: Office of the Attorney General, The Capitol, Albany, NY 12224-0341, 1-800-771-7755 (toll-free), 1-800-788-9898 (TDD/TTY toll-free line), https://ag.ny.gov/, and at: Bureau of Internet and Technology (BIT), 28 Liberty Street, New York, NY 10005, Phone: (212) 416-8433, https://ag.ny.gov/resources/individuals/credit-lending/identity-theft.
- For North Carolina Residents. You can obtain information about avoiding identity theft from the North Carolina Attorney General at: North Carolina Attorney General’s Office 9001 Mail Service Center, Raleigh, NC 27699-9001, (877) 566-7226 (toll-free in North Carolina), (919) 716-6400, www.ncdoj.gov.
- For Residents of Oregon. You may report suspected identity theft to law enforcement, including the Office of the Oregon Attorney General and the FTC. Contact information for the FTC is included in your notice. The Office of the Oregon Attorney General can be reached: (1) by mail at 1162 Court St. NE, Salem, OR 97301; (2) by phone at (877) 877-9392; or (3) online at https://www.doj.state.or.us/
- For Rhode Island Residents. You can obtain information about avoiding identity theft from the Rhode Island Office of the Attorney General at: Rhode Island Office of the Attorney General, Consumer Protection Unit 150, South Main Street, Providence, RI 02903, (401)-274-4400, www.riag.ri.gov. You have the right to obtain a police report, and to request a security freeze (charges may apply), as described above. Information pertaining to approximately one Rhode Island resident was potentially involved in this incident.
- For Washington, D.C. Residents. You can obtain information about avoiding identity theft from the Office of the Attorney General for the District of Columbia at: Office of the Attorney General for the District of Columbia, 400 6th Street NW, Washington, D.C. 20001, (202)-727-3400, www.oag.dc.gov. You have the right to request a security freeze (without any charge) as described above.
If individuals have additional questions, they are encouraged to please contact the dedicated, toll-free number set up for this incident at 855-507-8493, Monday through Friday from 6:00 a.m. to 6:00 p.m. Pacific Time, excluding major U.S. holidays, to enroll in credit monitoring services.
Safeguarding the information maintained by Omni Family Health remains a top priority and we sincerely regret any inconvenience or concern this event may cause you.