SEARCH FINANCIAL SERVICES INFRASTRUCTURE SECURITY SCIENCE INTERVIEWS

 

     

Apex Laboratory NOTICE OF DATA EVENT

By Apex Laboratory Team

January 4, 2021

On July 25, 2020, Apex Laboratory of Farmingdale, NY (“Apex”) discovered that it was the victim of a cyber-attack and that certain systems in its environment were encrypted and inaccessible. Apex is a laboratory that provides medical testing services for individuals, doctors, and facilities. With the assistance of third-party forensic and cyber security specialists, Apex quickly secured their network, restored the impacted data, resumed operation on July 27th, 2020, and immediately began an investigation into the incident. After a thorough 3rd party cyber forensics analysis, the investigation initially determined that there was no evidence of unauthorized access or acquisition of patient information. However, on December 15, 2020, Apex learned that the hackers posted information on their blog about the attack and listed data taken that contained personal and health information for some patients.

Upon learning of the data that was taken, Apex, along with the assistance of forensic specialists, conducted a review of the files to determine what information was impacted and ensured that the data was removed from the hacker’s blog. It is believed that this information may have been acquired from Apex’s systems between July 21, 2020 and July 25, 2020.

Although the investigation is ongoing, at this point, the data believed to be taken includes, for a subset of patients: patient names, dates of birth, test results, and for some individuals, Social Security numbers, and phone numbers. Additionally, Apex is unaware of any actual or attempted misuse of any information other than the extracting of this data as part of the cyber-attack. Apex is in the process of preparing written, mailed notice to impacted individuals for whom it has addresses, as well as posting notice on its website. Individuals who believe they may be impacted by this incident can call the incident inquiry hotline at (833) 971-3310 for additional information.

 We take this incident and the security of personal information in our care seriously. Apex is continuing to investigate this incident. As part of our ongoing commitment to the security of information, we notified law enforcement and are reviewing and enhancing existing policies and procedures to reduce the likelihood of a similar future event. Although Apex is unaware of any identify theft or fraud resulting from this incident, as always, individuals should remain vigilant against incidents of identity theft and fraud by revieiwng account statements, monitoring credit reports, and monitoring explanations of benefits for suspicious activity. Individuals who identify suspicious activity should report the activity to their medical provider, financial institution, and/or law enforcement, as may be applicable. Individuals can also learn more about identity theft prevention and protection resources from their state Attorney General and the Federal Trade Commission. For New York residents, the Attorney General may be contacted at: Office of the Attorney General, The Capitol, Albany, NY 12224-0341; 1-800-771-7755; and https://ag.ny.gov/. The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261

Terms of Use | Copyright © 2002 - 2021 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement