Data Media Associates Notifies Individuals of MOVEit Data Security Incident

ALPHARETTA, GEORGIA: AUGUST 24, 2023 - Data Media Associates ("DMA"), a Georgia-based value-added solutions provider serving the healthcare industry, has learned of a data security incident that may have involved personal and/or protected health information. DMA works with its client healthcare organizations to provide printing, mailing, and other healthcare billing fulfillment services. DMA has sent notification of this incident to potentially affected individuals and provided resources to assist them.

In June 2023, DMA became aware of an alert issued by the Cybersecurity and Infrastructure Security Agency ("CISA") addressing a critical vulnerability affecting MOVEit Transfer, a managed file transfer solution used widely by businesses and government agencies, including DMA, to securely transfer data. After becoming aware of the alert, DMA took immediate steps to patch its MOVEit system in accordance with the developer''s instructions. DMA thereafter undertook a comprehensive investigation with the assistance of leading external experts to learn more about the scope of any potentially affected data. Our investigation concluded on June 30, 2023, and revealed that certain data stored within MOVEit may have been acquired without authorization. Since that time, we have been working diligently to provide notice to our client healthcare organizations and gather information needed to provide notification to potentially affected individuals.

DMA provided notice of this incident to the potentially impacted individuals beginning on August 23, 2023. In so doing, DMA provided information about the incident and about steps that potentially affected individuals can take to protect their information. DMA takes the security and privacy of individuals' information very seriously. It has taken all remediation measures recommended by the MOVEit software developers and will be evaluating additional safeguards that can be put in place to further enhance the security of the data entrusted to it.

The following information may have been involved in the incident: Individuals' names, addresses, and high-level medical or health insurance information such as would appear on billing statements, invoices, or other claims-related documents. In some instances, the involved data also included health insurance ID numbers, which DMA understands may be the same as individuals'' Social Security numbers.

DMA has established a toll-free call center to answer questions about the incident and to address related concerns. Call center representatives are available Monday through Friday from 9:00 a.m. to 9:00 p.m. Eastern Time and can be reached at 1-888-979-0013.

The privacy and protection of personal and protected health information is a top priority for DMA, which deeply regrets any inconvenience or concern this incident may cause.

DMA is providing the following information to help those wanting to know more about steps they can take to protect themselves and their information:

What steps can I take to protect my personal information?

Review Your Account Statements and Notify Law Enforcement of Suspicious Activity: As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission (FTC).

Copy of Credit Report: You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting www.annualcreditreport.com, calling toll-free 1-877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You also can contact one of the following three national credit reporting agencies:

Fraud Alert: You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free and will stay on your credit file for at least one year. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact any of the three credit reporting agencies identified above. Additional information is available at www.annualcreditreport.com.

Security Freeze: You have the right to put a security freeze on your credit file for up to one year at no cost. This will prevent new credit from being opened in your name without the use of a PIN number that is issued to you when you initiate the freeze. A security freeze is designed to prevent potential creditors from accessing your credit report without your consent. As a result, using a security freeze may interfere with or delay your ability to obtain credit. You must separately place a security freeze on your credit file with each credit reporting agency. In order to place a security freeze, you may be required to provide the consumer reporting agency with information that identifies you including your full name, Social Security number, date of birth, current and previous addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement or insurance statement.

Additional Free Resources: You can obtain information from the consumer reporting agencies, the FTC, or from your respective state Attorney General about fraud alerts, security freezes, and steps you can take toward preventing identity theft. You may report suspected identity theft to local law enforcement, including to the FTC or to the Attorney General in your state.

Additional information for residents of the following states:

Federal Trade Commission

600 Pennsylvania Ave, NW
Washington, DC 20580
consumer.ftc.gov
1-877-438-4338

New York Attorney General

Bureau of Internet and Technology Resources
28 Liberty Street
New York, NY 10005
ag.ny.gov
1-212-416-8433 / 1-800-771-7755

Maryland Attorney General

St. Paul Plaza
200 St. Paul Place
Baltimore, MD 21202
marylandattorneygeneral.gov
1-888-743-0023

Texas Attorney General

Bureau of Internet and Technology Resources
300 W. 15th Street
Austin, TX 78701
texasattorneygeneral.gov
1-800-621-0508

North Carolina Attorney General

9001 Mail Service Center
Raleigh, NC 27699
ncdoj.gov
1-877-566-7226

Rhode Island Attorney General

150 South Main Street
Providence, RI 02903
riag.ri.gov
1-401-274-4400

Virginia Attorney General

202 North Ninth Street
Richmond, VA 23219
oag.state.va.us
1-804-786-2071

Washington D.C. Attorney General

Washington D.C. Attorney General
400 S 6th Street, NW
Washington, DC 20001
oag.dc.gov
1-202-727-3400

You also have certain rights under the Fair Credit Reporting Act (FCRA): These rights include to know what is in your file; to dispute incomplete or inaccurate information; to have consumer reporting agencies correct or delete inaccurate, incomplete, or unverifiable information; as well as other rights. For more information about the FCRA, and your rights pursuant to the FCRA, please visit https://www.consumer.ftc.gov/articles/pdf-0096-fair-credit-reportingact.pdf.