Notification of Data Security Incident
February 23, 2024 – On or around October 10, 2023, Scurry County Hospital District dba Cogdell Memorial Hospital (“Cogdell”), discovered certain unusual activity within its computer systems. Upon discovery, Cogdell immediately secured its network, reset passwords, and engaged a third-party forensic firm to investigate the incident. Following a thorough investigation, Cogdell confirmed that a limited amount of protected health information may have been accessed in connection with this incident.
Although the forensic investigation could not rule out the possibility that an unknown actor may have accessed this information, there is no indication whatsoever that any information has been misused at this time. The type of information contained within the affected data included patient names, addresses, dates of birth, Social Security numbers, medical record numbers, and medical treatment information. Importantly, the information potentially impacted may vary for each individual, and may include all, or just one, of the above-listed types of information.
Upon learning of the potential access of information, Cogdell immediately undertook a thorough review process to identify what type of information was present within the potentially impacted files, and to whom that information belonged. In addition, Cogdell worked diligently to identify contact information for those potentially impacted individuals in order to provide them with notice of the incident. That process was completed on January 17, 2024. Cogdell has notified potentially affected individuals as quickly as possible via U.S. mail to their most recent address on file. In an abundance of caution, Cogdell has provided potentially impacted individuals with complimentary credit monitoring services.
In response to this incident, Cogdell has implemented additional security measures within its network and facilities and is reviewing its current policies and procedures related to data security. Although Cogdell has no evidence of actual misuse of information as a result of this incident, patients are nonetheless encouraged to monitor their account statements and explanation of benefits forms for suspicious activity and to detect errors. Patients may also wish to contact the three major credit agencies to place a fraud alert on their credit report – the credit agencies’ contact information is: Equifax (888-378-4329); TransUnion (833-395-6938); and Experian (888-397-3472).
Cogdell has established a hotline to answer questions about the incident and to address related concerns. The number for the hotline is 1-833-919-4816. You may also contact us by visiting https://cogdellhospital.com/contact, or by writing to 1700 Cogdell Boulevard, Snyder, Texas 79549.
STEPS YOU CAN TAKE TO PROTECT YOUR INFORMATION
Monitor Your Accounts
We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your credit reports/account statements and explanation of benefits forms for suspicious activity and to detect errors. Under U.S. law, you are entitled to one free credit report annually from each of the three major credit reporting bureaus, TransUnion, Experian, and Equifax. To order your free credit report, visit www.annualcreditreport.com or call 1-877-322-8228. Once you receive your credit report, review it for discrepancies and identify any accounts you did not open or inquiries from creditors that you did not authorize. If you have questions or notice incorrect information, contact the credit reporting bureau.
You have the right to place an initial or extended “fraud alert” on a credit file at no cost. An initial fraud alert is a one-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any of the three credit reporting bureaus listed below.
As an alternative to a fraud alert, you have the right to place a “credit freeze” on a credit report, which will prohibit a credit bureau from releasing information in the credit report without your express authorization. The credit freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a credit freeze may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a credit freeze on your credit report. To request a credit freeze, you will need to provide the following information:
- Full name (including middle initial as well as Jr., Sr., III, etc.);
- Social Security number;
- Date of birth;
- Address for the prior two to five years;
- Proof of current address, such as a current utility or telephone bill;
- A legible photocopy of a government-issued identification card (e.g., state driver’s license or identification card); and
- A copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft, if you are a victim of identity theft.
Should you wish to place a fraud alert or credit freeze, please contact the three major credit reporting bureaus listed below:
TransUnion Fraud Alert
P.O. Box 2000
Chester, PA 19016-2000
TransUnion Credit Freeze
P.O. Box 160
Woodlyn, PA 19094
Experian Fraud Alert
P.O. Box 9554
Allen, TX 75013
Experian Credit Freeze
P.O. Box 9554
Allen, TX 75013
Equifax Fraud Alert
P.O. Box 105069
Atlanta, GA 30348-5069
Equifax Credit Freeze
P.O. Box 105788
Atlanta, GA 30348-5788