Northwest Arkansas Democrat-Gazette
ARcare reports data security breach
A security breach has caused an Arkansas medical provider to notify patients that personal and/or medical information could have been attained by an unknown source.
ARcare provides comprehensive primary care and behavioral health services in clinics and medical centers in Arkansas, Mississippi and Kentucky, a prepared statement from the company said.
Officials did not answer questions about how many patients within the network could have been at risk. The company also did not answer questions about whether the breach was company-wide or more specific.
“ARcare does not share details about its network architecture for security purposes,” Mullen Coughlin attorney Lynda Jensen said in response to the questions.
All individuals with information stored on “impacted systems” received a notice of the security event “out of an abundance of caution,” according to the statement emailed by Jensen.
“There is no indication that any individual was affected directly by the security event,” the statement reads. “There also is no indication that any ARcare clinic or center was affected directly.”
As of Wednesday, the company was unaware of any misuse of information because of the incident, which involved a malware infection, a news release said. The breach did lead to a temporary disruption of services.
An investigation showed an unauthorized user may have accessed or acquired sensitive data between Jan. 18 and Feb. 24.
Personal information that could have been viewed includes names, social security numbers, driver’s license or state identification numbers, dates of birth, financial accounts, medical treatment, prescriptions, medical diagnosis or condition and health insurance.
“ARcare responded immediately to this incident and worked diligently to provide potentially affected individuals with accurate and complete notice of the incident as soon as possible,” a news release said. “With the assistance of third-party specialists, ARcare also took steps to enhance the security of its systems.”
The company began notifying potential victims April 25.
“Although ARcare is unaware of the misuse of any personal information impacted by this incident, individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements, explanation of benefits, and monitoring free credit reports for suspicious activity and to detect errors,” the release said.
Suspicious activity should be reported to the provider of the service such as an insurance company, a health care provider or a financial institution.
The company also is providing free credit monitoring and identity theft protection services to those possibly affected.
More information can be found by calling (833) 7831354 between 8 a.m. and 8 p.m. Monday through Friday.