Notice of Privacy Incident

Bassett Healthcare Network deeply values your trust in us as your healthcare partner. As part of our commitment to transparency, this notice contains information about a recent data security incident that involved some of our patients’ personal information.

What Happened?

On February 10, 2025, our Compliance Office received a report that a Bassett Healthcare Network physician was collecting unauthorized pieces of patient information from our systems. We immediately launched an internal investigation, and that investigation confirmed the physician had transmitted protected health information to individuals not affiliated with Bassett Healthcare Network and to personal devices without authorization. We have no reason to believe the physician has used this data to harm or endanger patients. The physician is no longer employed by Bassett Healthcare Network.

What Information Was Involved?

Based on our review, we determined that the personal information accessed may have included affected patients’ full names, date of birth, age, sex/gender, medical record number, email address, primary care provider, patient portal enrollment status, and zip code. In some cases, medical diagnoses and procedure history were also involved. The types of impacted information varied by individual. There is no evidence that financial data or identifying factors like social security numbers were compromised.

What We Are Doing:

Please be assured that Bassett has quickly implemented tighter safeguards in our systems to better protect patient privacy and increase security. We continue to work very closely with cybersecurity experts and other professionals to put in place additional best practices for information security and privacy.

What You Can Do:

We have no evidence that any information has been misused as a result of this incident. We also have no reason to believe affected patients are at risk for identity theft or financial fraud. However, we have provided resources below that offer precautionary measures you can take to protect your personal information if you believe you may have been impacted by this incident. Additionally, we encourage you to remain vigilant in reviewing your financial account statements and credit reports for fraudulent or unusual activity on a regular basis.

For More Information:

Please accept our sincerest apologies that this incident occurred. If you believe you may have been impacted, and did not receive a notification letter or have questions, please call our dedicated and confidential, toll-free helpline at 855-549-2520. Our helpline is available Monday through Friday, from 9 a.m. to 9 p.m. Eastern Time.

Again, we sincerely apologize for this incident. Our patients entrust us with their care, and an important part of this includes keeping your personal information private, secure, and safe. Bassett is committed to ensuring the protection of our patients’ information and preventing further incidents from happening in the future.

Other Important Information

1) Protecting Your Medical Information

As a general matter, the following practices can provide additional safeguards to protect against medical identity theft.

Only share your health insurance cards with your health care providers and other family members who are covered under your insurance plan or who help you with your medical care.
Review your “explanation of benefits statement” which you receive from your health insurance company.
Follow up with your insurance company or care provider for any items you do not recognize. If necessary, contact the care provider on the explanation of benefits statement and ask for copies of medical records from the date of the potential access (noted above) to current date.
Ask your insurance company for a current year-to-date report of all services paid for you as a beneficiary.

2) Additional Helpful Resources

Out of an abundance of caution, please see below for contact information for organizations that provide information regarding identity theft prevention and protection.

TransUnion

Fraud Victim Assistance Department
P.O. Box 2000
Chester, PA 19016-2000
https://www.transunion.com/fraud-alerts
(800) 680-7289

TransUnion Security Freeze

P.O. Box 160
Woodlyn, PA 19094
https://www.transunion.com/credit-freeze
(888) 909-8872

If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call your local law enforcement agency and file a police report. Be sure to obtain a copy of the police report, as many creditors will want the information it contains to absolve you of the fraudulent debts. You may also file a complaint with the FTC by contacting them on the web at www.ftc.gov/idtheft, by phone at 1-877-IDTHEFT (1-877-438-4338), or by mail at Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcement for their investigations. In addition, you may obtain information from the FTC about fraud alerts and security freezes.

New York Residents: You may obtain information about preventing identity theft from the New York Attorney General’s Office: Office of the Attorney General, The Capitol, Albany, NY 12224-0341; https://ag.ny.gov/consumer-frauds-bureau/identity-theft; Telephone: 800-771-7755.

Notice of Privacy Incident