Notice of Privacy Incident
Notice of Privacy Incident
February 23, 2024
Rotech Healthcare Inc. (“Rotech”) is providing notification of a recent privacy incident experienced by our business partner, Philips Respironics, that may have impacted certain information of patients who have purchased Philips Respironics sleep and respiratory devices from Rotech. On June 5, 2023, Philips Respironics was made aware of a privacy incident whereby an unauthorized third-party exploited a Progress Software Corporation MOVEit Transfer software vulnerability to access information stored on a Philips Respironics server. Philips Respironics immediately took steps to secure the systems and performed further investigation and analysis. The investigation indicates that an unauthorized third-party extracted files contained on Philips Respironics online server on May 31, 2023. As a result of its investigation, Philips Respironics determined that the types of information contained in the extracted files may have included name, address, date of birth, email address, phone number, health insurance policy number, patient ID, facility ID, setup date, device serial number, and modem serial number. Although Rotech is unaware of any misuse of information resulting from this event, we are providing this notice in an abundance of caution.
Philips Respironics subsequently contacted Rotech to inform Rotech that information related to Rotech patients may have been potentially impacted as a result of the Progress Software MOVEit Transfer security incident. On December 26, 2023, Philips Respironics provided a patient list containing potentially impacted individuals for Rotech to review. Rotech immediately began reviewing the patient list to confirm the data and obtain address information for potentially impacted individuals.
Philips Respironics notified impacted patients for whom it had current contact information and arranged to provide identity protection services including credit monitoring at no charge to affected patients. Individuals who did not receive notification but believe their information may have been affected can call the dedicated assistance line below.
If individuals have questions about this incident, they may contact a dedicated assistance line at 888-541-7970, Monday through Friday, from 9:00 AM to 9:00 PM Eastern Time (excluding major U.S. holidays). Additionally, it is always prudent to review health care statements for accuracy and report any services or charges that were not incurred to the provider or insurance carrier. As a best practice, individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements for suspicious activity and to detect errors. Individuals may also place a fraud alert or credit freeze by contacting the credit reporting agencies: TransUnion 1-800-680-7289, P.O. Box 2000 Chester, PA 19016, transunion.com; Experian 1-888-397-3742, P.O. Box 9554 Allen, TX 75013, experian.com; Equifax 1-888-298-0045, P.O. Box 105069 Atlanta, GA 30348, equifax.com. Individuals can further educate themselves regarding identity theft, fraud alerts, credit freezes, and steps to protect their personal information by contacting the credit reporting bureaus, the Federal Trade Commission (“FTC”), or their state attorney general. The FTC may be reached at 600 Pennsylvania Ave. NW, Washington, D.C. 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. Instances of known or suspected identity theft should also be reported to law enforcement, the state attorney general, and the FTC.