Notice of Security Incident

Arietis Health, LLC (“Arietis Health”) provides healthcare billing services to NorthStar Anesthesia, which manages healthcare entities that provide anesthesia and pain management services (the “Healthcare Entities”). Arietis Health determined that information belonging to certain patients of those Healthcare Entities, which it received in connection with the billing services it provides, may have been involved in a data security incident. The Healthcare Entities whose patient information may have been involved in the incident are listed below. On September 29, 2023, Arietis Health began notifying potentially impacted individuals.

On May 31, 2023, Progress Software – the company responsible for MOVEit file transfer software – alerted Arietis Health to a critical vulnerability affecting MOVEit, a solution used widely by businesses and government agencies, including Arietis Health, to securely transfer data. After becoming aware of the alert, Arietis Health took immediate steps to secure and patch its MOVEit server in accordance with Progress Software’s instructions. Arietis Health thereafter engaged leading, independent cybersecurity experts to conduct a comprehensive investigation. On July 26, 2023, the investigation determined that unauthorized actors had access to Arietis Health’s MOVEit server on May 31, 2023, and may have acquired certain files which contained data belonging to patients of the Healthcare Entities. On August 3, 2023, Arietis Health informed NorthStar Anesthesia of the incident, and reviewed the impacted data to determine what information may have been involved in the incident.

This incident may have involved the following information for patients of the Healthcare Entities listed below, including patient names, dates of birth, driver’s license or other state identification card numbers, addresses, Social Security numbers, medical record numbers, patient account numbers, health insurance information, diagnosis and treatment information, clinical and prescription information, and/or provider information.

Arietis Health is sending letters with information about the incident to patients of the Healthcare Entities whose information may have been involved. Arietis is also offering those patients complimentary credit and identity monitoring services, and encourages them to enroll in those services. In addition, Arietis Health has established a toll-free call center to answer questions about the incident and to address related concerns. Call center representatives are available Monday through Friday, from 9:00 a.m. to 9:00 p.m. Eastern Time, excluding major U.S. holidays, and can be reached at 855-657-4306 or you can go to https://app.medicalshield.cyex.com/enrollment/activate/.

The privacy and protection of the information it maintains is a top priority for Arietis Health, and Arietis Health deeply regrets any inconvenience or concern this incident may cause.

Please see below for a list of the Healthcare Entities whose patient data may have been involved in the incident. Also included below are additional steps affected individuals can take to protect their information.

Healthcare Entities:

AmSol Physicians of Elkin, NC, PLLC

Anesthesia Company of Houston, PLLC

Anesthesia Resources Management Solutions, Inc

Coronado Anesthesia, PLLC

Digestive Health Specialists of SE

Dupont Anesthesia, PSC

Epix Anesthesia of Alabama, LLC

Epix Anesthesia of Tennessee, PLLC

Epix Medical Services of Houston, PLLC

Gastro South Anesthesia, LLC

Gastroenterology Consultants of Augusta, PC

GI Associates of West Alabama, PC

KBS Anesthesia, Inc

Lehigh Anesthesia Associates, PC

Northeast Gastroenterolgy Center, Inc

Northern Tier Gastroenterology, Inc

Northern Virginia Surgery Center Anesthesia, LLC

NorthStar Anesthesia II, PA

NorthStar Anesthesia III, PA

NorthStar Anesthesia of Delaware, LLC

NorthStar Anesthesia of Illinois, LLC

NorthStar Anesthesia of Indiana II, LLC

NorthStar Anesthesia of Indiana, LLC

NorthStar Anesthesia of Kansas, LLC

NorthStar Anesthesia of Kentucky, PLLC

NorthStar Anesthesia of Michigan II, PC

NorthStar Anesthesia of Michigan III, PLLC

NorthStar Anesthesia of Michigan, LLC

NorthStar Anesthesia of Mississippi, LLC

NorthStar Anesthesia of Missouri, LLC

NorthStar Anesthesia of Montana, PLLC

Northstar Anesthesia of Nebraska, PLLC

NorthStar Anesthesia of Ohio, LLC

NorthStar Anesthesia of Oklahoma, PLLC

NorthStar Anesthesia of Pennsylvania, LLC

NorthStar Anesthesia of Tennessee, PLLC

NorthStar Anesthesia of Virginia, LLC

NorthStar Anesthesia of West Virginia, PLLC

NorthStar Anesthesia, PA

NSA Pain Services of Michigan III, PLLC

NSA Pain Services of Michigan, PLLC

Nurse Anesthesia of North Carolina, PLLC

Orange City Anesthesia Services, LLC

PhySynergy, LLC AL

PhySynergy, LLC TN

Professional Anesthesia Group, LLC

Professional Anesthesia Services of Kentucky, PLLC

River Cities Anesthesia, LLC

Riverside Anesthesia Services, LLC

Sarasota Anesthesia Services, LLC

Sentry Anesthesia Management, LLC

Southwest Ohio Anesthesia Consultants, LLC

Space Coast Anesthesia, LLC

Sunset Anesthesia, LLC 

What steps can I take to protect my information?

While Arietis Health has no evidence of the misuse of any potentially affected individual’s information as a result of this incident, Arietis Health is providing the following information about steps that individuals can take to help protect their information: 

Review Your Account Statements and Notify Law Enforcement of Suspicious Activity: As a precautionary measure, we recommend that you review your account statements and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission (FTC). You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows:

• Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Ave, NW, Washington, DC 20580, 1-877-IDTHEFT (438-4338), consumer.ftc.gov, www.ftc.gov/idtheft.

Copy of Credit Report: You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting http://www.annualcreditreport.com/, calling toll-free 877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You can print this form at https://www.annualcreditreport.com/cra/requestformfinal.pdf. You also can contact one of the following three national credit reporting agencies:

• Equifax, P.O. Box 740241, Atlanta, GA 30374, 1-800-525-6285, equifax.com.
• Experian, P.O. Box 9532, Allen, TX 75013, 1-888-397-3742, experian.com.
• TransUnion, P.O. Box 1000, Chester, PA 19016, 1-800-916-8800, transunion.com.

Additional Free Resources: You can obtain information from the consumer reporting agencies, the FTC, or from your respective state attorney general about fraud alerts, security freezes, and steps you can take toward preventing identity theft. You may report suspected identity theft to local law enforcement, including to the FTC or to the attorney general in your state.

Additional information for residents of the following states:

The post Notice of Security Incident appeared first on Arietis Health | Healthcare Revenue Cycle Management.