Family Physicians of Winter Park, Inc. Security Breach
On December 28, 2018 Family Physicians Group (FPG) notified patients in the Greater Orlando area that their personal information may have been exposed when an employee’s email account was subjected to phishing attacks.
Between August 7,2018 and August 21, 2018, Family Physicians of Winter Park, Inc. (“FPG”) was subjected to a sophisticated email phishing attack that resulted in a bad actor gaining access to an FPG employee’s email account that included Protected Health Information. FPG discovered the attack on August 21, 2018.
In order to determine if any personal information was contained in the employee’s emails that were accessed by the bad actor, a forensic review of the email account was conducted. Based on this review it was determined some of the emails or attachments contained information about approximately 8,400 FPG patients in the Orlando area. The patient information potentially disclosed included name, date of birth, health plan identification numbers and physician name but did not contain Social Security Numbers. The patients impacted were members of the following health plans:
- WellCare Health Plans
- Freedom Health Plans
- Aetna Health Plan
- Florida Medicare
- Florida Medicaid
To date FPG has no information indicating that any data has been inappropriately used, but should patients notice any changes in their explanation of benefit (EOB) letters or medical records, they should notify FPG right away at the number listed below.
While FPG has policies and procedures in place to maintain the security of your information, we have taken additional steps to protect patients against further incidents. FPG has implemented enhanced email security protections. A forced reset of all FPG employee passwords was implemented. The email application used by FPG employees has been upgraded to provide more substantial protections including an e-mail filtering security product to assist in blocking or flagging emails known to be a threat.
FPG patients who have any questions about this notice may contact FPG by e-mail at firstname.lastname@example.org or contact FPG Customer Service at 1-866-999-3741. If you have a speech or hearing impairment and use a TTY, call 711. In addition, any FPG patients who believe their information is being used by another party is urged to contact FPG at once so that we can work with the patient and law enforcement officials to promptly investigate the matter.