NOTICE OF DATA BREACH

DMEscripts is informing individuals of a recent security incident involving personal information. DMEscripts may maintain individual’s information in connection to electronic prescription services it provides to certain entities. While we are unaware of any reports of fraud or identity theft as a result of this incident, we encourage individuals to read this notice carefully as it contains information regarding the incident and steps they can take to safeguard their personal information.

What Happened?

On or around April 22, 2024, DMEscripts detected suspicious activity in an employee’s email account. Through its investigation, DMEscripts learned the email account was accessed by an unknown individual without authorization. Upon detection, DMEscripts promptly took steps to secure its email tenant and, with the assistance of a cybersecurity specialists, launched an investigation to determine the nature and scope of the incident.

Even though the investigation could not confirm if any e-mails within the account were actually copied or downloaded by the unknown individual, out of an abundance of caution, DMEscripts reviewed the full contents of the mailbox to determine if any messages or attachments contained personal information.  After an extensive review of the contents of the employee’s account, DMEscripts confirmed that the e-mail account contained certain personal information provided to DMEscripts by its customers.

What Information was Involved?

The potentially impacted information varies for each individual. However, the impacted information may have included an individual’s name, date of birth, medical information, and/or health insurance information.

What Are We Doing?

We take this incident and the security of personal information in our care seriously. Upon discovering the suspicious activity, DMEscripts took steps to secure the employee’s email account, assess the security of the email environment, and investigate the activity.

What Can Individuals Do?

Although DMEscripts is not aware of any claims that individuals have been victims of fraud as a result of this incident, we are encouraging individuals to take steps to protect their personal information.  Additional information pertaining to resources are provided below.

  1. Review Your Accounts for Suspicious Activity. We encourage you to remain vigilant by regularly reviewing your accounts and monitoring credit reports for suspicious activity. 
  1. Order a Credit Report. If you are a U.S. resident, you are entitled under U.S. law to one free credit report annually from each of the three nationwide consumer reporting agencies. To order your free credit report, visit www.annualcreditreport.com or call toll-free at 1-877-322-8228. If you discover information on your credit report arising from a fraudulent transaction, you should request that the credit reporting agency delete that information from your credit report file. Contact information for the nationwide credit reporting agencies is provided in the next section.
  1. Contact the Federal Trade Commission, Law Enforcement and Credit Bureaus. You may contact the Federal Trade Commission (“FTC”), your state’s Attorney General’s office, or law enforcement, to report incidents of identity theft or to learn about steps you can take to protect yourself from identity theft. To learn more, you can go to the FTC’s websites at www.identitytheft.gov an; call the FTC at (877) IDTHEFT (438-4338); or write to: FTC Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

You may contact the nationwide credit reporting agencies at:

  1. Equifax: (800) 525-6285; P.O. Box 740241, Atlanta, Georgia, 30374; or www.equifax.com.
  • Experian: (888) 397-3742; P.O. Box 9701, Allen, TX 75013; or www.experian.com.
  • TransUnion: (800) 916-8800; Fraud Victim Assistance Division, P.O. Box 2000, Chester, PA 19022; or www.transunion.com.
  1. Additional Rights Under the FCRA. You have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in your credit file has been used against you, the right to know what is in your credit file, the right to ask for your credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to your file is limited; you must give your consent for credit reports to be provided to employers; you may limit “prescreened” offers of credit and insurance you get based on information in your credit report; and you may seek damages from violators. You may have additional rights under the Fair Credit Reporting Act not summarized here.

Identity theft victims and active-duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act. We encourage you to review your rights pursuant to the Fair Credit Reporting Act by: (i) visiting https://files.consumerfinance.gov/f/documents/bcfp_consumer-rights-summary_2018-09.pdf ; or (ii) by writing to Consumer Financial Protection Bureau, 1700 G Street, N.W., Washington, DC 20552.

  1. Request Fraud Alerts and Security Freezes. You may obtain additional information from the FTC and the credit reporting agencies about fraud alerts and security freezes. You can add a fraud alert to your credit report file to help protect your credit information. A fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you, but it also may delay your ability to obtain credit. You may place a fraud alert in your file by calling just one of the three nationwide credit reporting agencies listed above. As soon as that agency processes your fraud alert, it will notify the other two agencies, which then must also place fraud alerts in your file.

In addition, you can contact the nationwide credit reporting agencies at the following numbers to place a security freeze at no cost to you:

  1. Equifax: (800) 349-9960
    1. Experian: (888) 397-3742
    1. TransUnion: (888) 909-8872

Placing a security freeze prohibits the agency from releasing any information about your credit report without your written authorization. Security freezes must be placed separately at each of the three nationwide credit reporting agencies. When requesting a security freeze, you may need to provide the following information:

  • Your full name, with middle initial as well as Jr., Sr., II, etc.
  • Social Security number
  • Date of birth
  • Current address and all addresses for the past two years
  • Proof of current address, such as a current utility bill or telephone bill
  • Legible copy of a government-issued identification card, such as a state driver’s license, state identification card, or military identification.

After receiving your request, each agency will send you a confirmation letter containing a unique PIN or password that you will need to lift or remove the freeze. You should keep the PIN or password in a safe place.

Other Important Information:

  • For Iowa Residents. You may contact law enforcement or the Iowa Attorney General’s Office to report suspected incidents of identity theft: Office of the Attorney General of Iowa, Consumer Protection Division, Hoover State Office Building, 1305 East Walnut Street, Des Moines, IA 50319, www.iowaattorneygeneral.gov, Telephone: 515-281-5164.
  • For Maryland Residents. You can obtain information about avoiding identity theft from the Maryland Attorney General at: Maryland Office of the Attorney General Consumer Protection Division, 200 St. Paul Place, Baltimore, MD 21202, (888) 743-0023 (toll-free in Maryland), (410) 576-6300, www.marylandattorneygeneral.gov.
  • For Massachusetts Residents. You have the right to obtain a police report and request a security freeze (without any charge) as described above.
  • For New York Residents. You can obtain information about security breach response, identity theft prevention, and identity protection information from the New York State Office of the Attorney General at: Office of the Attorney General, The Capitol, Albany, NY 12224-0341, 1-800-771-7755 (toll-free), 1-800-788-9898 (TDD/TTY toll-free line), https://ag.ny.gov/, and at: Bureau of Internet and Technology (BIT), 28 Liberty Street, New York, NY 10005, Phone: (212) 416-8433, https://ag.ny.gov/resources/individuals/credit-lending/identity-theft.
  • For North Carolina Residents. You can obtain information about avoiding identity theft from the North Carolina Attorney General at: North Carolina Attorney General’s Office 9001 Mail Service Center, Raleigh, NC 27699-9001, (877) 566-7226 (toll-free in North Carolina), (919) 716-6400, www.ncdoj.gov.
  • For Residents of Oregon. You may report suspected identity theft to law enforcement, including the Office of the Oregon Attorney General and the FTC. Contact information for the FTC is included in your notice. The Office of the Oregon Attorney General can be reached: (1) by mail at 1162 Court St. NE, Salem, OR 97301; (2) by phone at (877) 877-9392; or (3) online at https://www.doj.state.or.us.
  • For Rhode Island Residents. You can obtain information about avoiding identity theft from the Rhode Island Office of the Attorney General at: Rhode Island Office of the Attorney General, Consumer Protection Unit 150, South Main Street, Providence, RI 02903, (401)-274-4400, www.riag.ri.gov. You have the right to obtain a police report, and to request a security freeze (charges may apply), as described above. Information pertaining to approximately 82 Rhode Island residents was potentially involved in this incident.
  • For Washington, D.C. Residents. You can obtain information about avoiding identity theft from the Office of the Attorney General for the District of Columbia at: Office of the Attorney General for the District of Columbia, 400 6th Street NW, Washington, D.C. 20001, (202)-727-3400, www.oag.dc.gov. You have the right to request a security freeze (without any charge) as described above.

If individuals have additional questions, they are encouraged to please contact the dedicated, toll-free number set up for this incident at 866-573-9382, 9 a.m. to 9 p.m. ET, Monday through Friday, excluding major U.S. holidays.

Safeguarding the information maintained by DMEscripts remains a top priority and we sincerely regret any inconvenience or concern this event may cause you.