Wright & Filippis was subject to a cybersecurity attack culminating in ransomware from January 26 to January 28, 2022 (the “Incident”). Wright & Filippis’ endpoint security detected and terminated the ransomware shortly after it executed. With assistance from third-party experts, Wright & Filippis took immediate steps to secure its systems and investigate the nature and scope of the Incident. On or about May 2, 2022, Wright & Filippis discovered that the Incident may have impacted protected health information (“PHI”) or personally identifiable information (“PII”). We have found no evidence that your information was misused.
Importantly, Wright & Filippis’ electronic medical records and HR system were not impacted. However, the Incident may have resulted in unauthorized access to or acquisition of certain files or accounting records that may have contained one or more of the following data elements:
As part of its extensive investigation, Wright & Filippis worked diligently to identify any PHI and PII that may have been subject to unauthorized access or acquisition as a result of the Incident and identify individuals to whom that PHI and PII related. This process was time-intensive, but ultimately necessary to properly identify potentially affected individuals.
Out of an abundance of caution, and in accordance with applicable law, we are providing this notice to you so that you can take steps to minimize the risk that your information will be misused. The attached sheet describes steps you can take to protect your identity, credit, and personal information.
As an added precaution, we are also offering complimentary access to identity monitoring, fraud consultation, and identity theft restoration services to help mitigate any potential for harm at no cost to you. Please see below for more information on enrollment in these services.
Wright & Filippis endeavors to protect the privacy and security of sensitive information. We have worked diligently to determine how this incident happened and are taking appropriate measures to prevent a similar situation in the future. Since the Incident we have implemented a series of cybersecurity enhancements, including installation of additional endpoint detection and response software, resetting all passwords, and rebuilding affected servers.
As with any data incident, we recommend that you remain vigilant and consider taking steps to avoid identity theft, obtain additional information, and protect your personal information. Common passwords or passwords you may be using on multiple accounts should be updated to new complex passwords for added security. The attached sheet describes additional steps you can take to protect your identity and personal information.
For affected individuals we are offering identify theft protection services through IDX the data breach and recovery services expert. IDX identity protection services include a minimum of 12 months of credit monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services. With this specialized protection, IDX can help you resolve issues if your identity is compromised.
We encourage you to contact IDX with any questions and to enroll in free identity protection services by calling (833) 875-0798 or going to https://response.idx.us/WrightFilippis and using the Enrollment Code provided in your notification letter. IDX representatives are available Monday through Friday from 9:00 am to 9:00 pm Eastern Time. Please note the deadline to enroll is February 18, 2023. IDX representatives have been fully versed on the incident and can answer questions or concerns you may have regarding protection of your personal information. In the event to the affected individual was a minor or is deceased, please call the above number and alert a representative. The services described herein can be modified accordingly.
Please call (833) 875-0798 or go to https://response.idx.us/WrightFilippis for assistance or for any additional questions you may have. You will need to reference the enrollment code at the top of your letter when calling or enrolling online, so please do not discard the letter if you received one.
You may also contact Wright & Filippis at (800) 482-0222, or send an email to firstname.lastname@example.org
We sincerely apologize for this situation and any inconvenience it may cause you.
We recommend you remain vigilant and consider taking the following steps to avoid identity theft, obtain additional information, and protect your personal information:
You have the right to obtain a copy of the applicable police report, if any, relating to this incident.