Sweetser has learned of a data security incident that involved protected health information belonging to certain current and former clients. On October 25, 2019, Sweetser notified potentially impacted individuals and provided resources to assist them.
On June 24, 2019, Sweetser detected unusual activity in its email environment and soon thereafter learned an unauthorized third party may have gained access to an employee’s email account. Once discovered, Sweetser secured the account, immediately began an investigation, and engaged a leading digital forensics firm to determine the scope of the incident. Based on the digital forensic firm’s findings, it was determined that Sweetser employee email accounts were subject to unauthorized access from approximately June 18 – June 27, 2019. On September 10, 2019, the investigation revealed that data containing individuals’ personal information within one or more email accounts may have also been affected. This personal information may have included names, addresses, dates of birth, telephone numbers, Social Security numbers, health insurance information and identification numbers, driver’s license numbers, Medicare or Medicaid information, payment or claims information, diagnostic codes, and information regarding medical conditions and treatment. The incident was limited to information transmitted via email and did not affect any other information systems.
Sweetser completed a thorough review of the affected accounts to determine whose personal information may have been impacted by the data incident, and to provide notification to those affected. Sweetser has no evidence that any of the information potentially involved in this incident has been misused, but has reported this matter to the FBI and will cooperate as necessary to hold the perpetrators accountable.
Notification letters were sent to potentially impacted individuals on October 25, 2019. The letters include information about this incident and about steps that potentially impacted individuals can take to monitor and help protect their personal information. Sweetser has established a toll-free call center to answer questions about the incident and to address related concerns. The call center can be reached at 1-833-444-4458, Monday through Friday from 8 a.m. to 5 p.m. Eastern Standard Time. In addition, as a precaution, Sweetser is offering complimentary identity protection services through Experian to those individuals whose Social Security numbers were potentially impacted in connection with this incident. To determine if you qualify for this service, you must obtain verification through the call center. If your Social Security number has been potentially impacted, information on how to enroll for this service will be made available to you.
The privacy and protection of private information is a top priority for Sweetser. Sweetser deeply regrets any inconvenience or concern this incident may cause.