NOTICE OF INCIDENT
Updated May 17, 2024
What Happened?
On December 19, 2023, the Mental Health Center of North Central Alabama (the “Mental Health Center”) discovered unusual activity that disrupted its computer systems (the “Incident”). The Mental Health Center immediately began an investigation and took steps to contain the situation, including implementing endpoint detection and response monitoring, notifying federal law enforcement, and engaging cybersecurity and privacy professionals to assist.
The investigation has found evidence that unauthorized actors accessed the Mental Health Center systems from December 15, 2023, to December 19, 2023. Our investigation determined that unauthorized actors downloaded some of our data, which may have included personal information for our patients and employees. There is currently no evidence that any information has been misused for identity theft or fraud in connection with the Incident.
What Information Was Involved?
There is a possibility that the following types of information may have been impacted: name, address, birth date, admission date, discharge date, death date, medical record number, provider or facility name, medical condition, diagnosis and/or treatment information, lab results, medications, payment amount history information, insurance payment amount information, date of service, Social Security number, financial account information, credit card number, medical information, health insurance information, driver’s license or state identification number, and any information on an individual that was created, used, or disclosed in the course of providing health care services. These are general categories of information that we believe may be present within the affected systems and may have been accessed by the unauthorized actor during the Incident. Since this describes general categories of information involved in this Incident, it likely includes categories that are not relevant to every individual.
If you believe that the Incident affected your information and would like to learn more about the specific types of information related to you that may have been impacted, please call 888-387-9418 to inquire.
What We Are Doing.
Upon becoming aware of the Incident, we immediately implemented measures to further improve the security of our systems and practices, including implementing endpoint detection and response monitoring. After determining that an unauthorized actor gained access to our systems, we immediately began analyzing the information involved to confirm the identities of potentially affected individuals and notify them. The Mental Health Center team has worked diligently to complete our investigation, add further technical safeguards to our existing protections, and bring systems back online as quickly and securely as possible. We continue to work with leading privacy and security firms to aid in our investigation and response, and we are reporting this Incident to relevant government agencies. Beginning May 17, 2024, written notification letters were mailed to the individuals identified as potentially impacted.
What Can Impacted Individuals Do?
We encourage individuals who may be potentially impacted to remain vigilant against incidents of identity theft and fraud. We encourage a cautious review of account statements and explanation of benefits forms for suspicious activity. Additional monitoring can be conducted by checking free credit reports for suspicious activity and errors. Under U.S. law, individuals are entitled to one (1) free credit report annually from each of the three (3) major credit reporting bureaus. Additional information and resources are outlined below.
Potentially affected individuals seeking additional information may call the toll-free assistance line at 888-387-9418 with any questions about the incident, Monday through Friday, from 8:00 a.m. to 5:00 p.m. Eastern Standard Time (excluding some U.S. national holidays), or write by mail to 1316 Somerville Rd., SE Ste. #1, Decatur, Alabama 35601. Potentially affected individuals may also consider the information and resources outlined below.
Steps You Can Take to Protect Your Personal Information
To obtain a free credit report, individuals may visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228.
Alternatively, affected individuals can contact the three (3) major credit reporting bureaus directly at the addresses below:
Equifax, PO Box 740241, Atlanta, GA 30374, www.equifax.com, 1-800-685-1111
Experian, PO Box 2104, Allen, TX 75013, www.experian.com, 1-888-397-3742
TransUnion, PO Box 2000, Chester, PA 19022, www.transunion.com, 1-800-888-4213
Free Credit Report. It is recommended that you remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring your credit report for unauthorized activity. You may obtain a copy of your credit report, free of charge, once every twelve (12) months from each of the three (3) nationwide credit reporting agencies.
To order your annual free credit report, please visit www.annualcreditreport.com or call toll-free at 1-877-322-8228.
You can also order your annual free credit report by mailing a completed Annual Credit Report Request Form (available from the U.S. Federal Trade Commission’s (“FTC”) website at www.consumer.ftc.gov) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.
Fraud Alert. You may place a fraud alert in your file by calling one (1) of the three (3) nationwide credit reporting agencies above. A fraud alert tells creditors to follow certain procedures, including contacting you before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit.
Security Freeze. You may obtain a security freeze on your credit report, free of charge, to protect your privacy and confirm that credit is not granted in your name without your knowledge. You may also submit a declaration of removal to remove information placed in your credit report as a result of being a victim of identity theft. You have a right to place a security freeze on your credit report, free of charge, or submit a declaration of removal pursuant to the Fair Credit Reporting and Identity Security Act.
The security freeze will prohibit a consumer reporting agency from releasing any information in your credit report without your express authorization or approval. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. When you place a security freeze on your credit report, you will be provided with a personal identification number, password, or similar device to use if you choose to remove the freeze on your credit report or to temporarily authorize the release of your credit report to a specific party or parties or for a specific period of time after the freeze is in place.
To place a security freeze on your credit report, you may be able to use an online process, an automated telephone line, or a written request to any of the three (3) credit reporting agencies listed above. The following information must be included when requesting a security freeze (note that if you are requesting a credit report for your spouse, this information must be provided for them as well): (1) full name, with middle initial, and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five (5) years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, and display your name, current mailing address, and the date of issue.
Federal Trade Commission and State Attorneys General Offices. If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your home state. You may also contact these agencies for information on how to prevent or avoid identity theft. Contact information for the Consumer Response Center of the Federal Trade Commission is 600 Pennsylvania Avenue, NW, Washington, DC 20580, www.ftc.gov/bcp/edu/microsites/idtheft/ or 1-877-IDTHEFT (438-4338).