Notice of Data Security Incident
Tuscaloosa, Alabama – March 14, 2023 – NorthStar Emergency Medical Services (“NorthStar”) has learned of a data security incident that may have impacted data belonging to certain current and former patients.
On September 16, 2022, NorthStar discovered unusual activity in its digital environment. Upon discovering this activity, it immediately took steps to secure the environment and engaged independent cybersecurity experts to conduct an investigation. As a result of the investigation, NorthStar learned that an unauthorized actor accessed certain data stored on its network. NorthStar then undertook an in-depth and time-consuming review of the data in order to determine whether any personal or protected health information was affected by the incident. On March 8, 2023, as a result of this review, NorthStar determined that information belonging to certain individuals may have been impacted by the incident.
While NorthStar has no evidence that any information potentially involved in this incident has been misused, out of an abundance of caution, NorthStar is informing affected individuals about the steps they can take to help protect their information. The potentially affected information may include individuals’ names, Social Security numbers, dates of birth, patient ID number, treatment information, Medicare/Medicaid number, and/or health insurance information. On March 14, 2023, NorthStar provided written notification of the incident via US mail to impacted individuals.
NorthStar has taken steps in response to this incident and has made alterations to its cyber environment to help prevent similar incidents from occurring in the future. NorthStar has also reported the incident to law enforcement.
NorthStar has established a toll-free call center to answer questions about the incident and to address related concerns. Call center representatives are available Monday through Friday between 8am – 8pm CST and can be reached at 833-753-4562.
The privacy and protection of personal and protected health information is a top priority for NorthStar, which deeply regrets any inconvenience or concern this incident may cause.
While we are not aware of the misuse of any potentially affected individual’s information, we are providing the following information to help those wanting to know more about steps they can take to protect themselves and their personal information:
What steps can I take to protect my personal information?
Please notify your financial institution immediately if you detect any suspicious activity on any of your accounts, including unauthorized transactions or new accounts opened in your name that you do not recognize. You should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities.
You can request a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To do so, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting agencies is listed at the bottom of this page.
You can take steps recommended by the Federal Trade Commission to protect yourself from identify theft. The FTC’s website offers helpful information at www.ftc.gov/idtheft.
Additional information on what you can do to better protect yourself is included in your notification letter.
How do I obtain a copy of my credit report?
You can obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To order your credit report, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Use the following contact information for the three nationwide credit reporting agencies:
P.O. Box 1000
Chester, PA 19016
P.O. Box 9532
Allen, TX 75013
P.O. Box 105851
Atlanta, GA 30348
How do I put a fraud alert on my account?
You may consider placing a fraud alert on your credit report. This fraud alert statement informs creditors to possible fraudulent activity within your report and requests that your creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact Equifax, Experian or TransUnion and follow the Fraud Victims instructions. To place a fraud alert on your credit accounts, contact your financial institution or credit provider. Contact information for the three nationwide credit reporting agencies is included in the letter and is also listed at the bottom of this page.
How do I put a security freeze on my credit reports?
You also have the right to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans and services from being approved in your name without your consent. To place a security freeze on your credit report, you need to make a request to each consumer reporting agency. You may make that request by certified mail, overnight mail, or regular stamped mail, or online by following the instructions found at the websites listed below. You will need to provide the following information when requesting a security freeze (note that if you are making a request for your spouse, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) address. You may also be asked to provide other personal information such as your email address, a copy of a government-issued identification card, and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue. There is no charge to place, lift, or remove a freeze. You may obtain a security freeze by contacting any one or more of the following national consumer reporting agencies:
Equifax Security Freeze
PO Box 105788
Atlanta, GA 30348
Experian Security Freeze
PO Box 9554
Allen, TX 75013
PO Box 2000
Chester, PA 19022
What should I do if my family member was involved in the incident and is deceased?
You may choose to notify the three major credit bureaus, Equifax, Experian and Trans Union, and request they flag the deceased credit file. This will prevent the credit file information from being used to open credit. To make this request, mail a copy of your family member’s death certificate to each company at the addresses below.