Arietis Health, LLC (“Arietis Health”) provides healthcare billing services to NorthStar Anesthesia, which manages healthcare entities that provide anesthesia and pain management services (the “Healthcare Entities”). Arietis Health determined that information belonging to certain patients of those Healthcare Entities, which it received in connection with the billing services it provides, may have been involved in a data security incident. The Healthcare Entities whose patient information may have been involved in the incident are listed below. On September 29, 2023, Arietis Health began notifying potentially impacted individuals.
On May 31, 2023, Progress Software – the company responsible for MOVEit file transfer software – alerted Arietis Health to a critical vulnerability affecting MOVEit, a solution used widely by businesses and government agencies, including Arietis Health, to securely transfer data. After becoming aware of the alert, Arietis Health took immediate steps to secure and patch its MOVEit server in accordance with Progress Software’s instructions. Arietis Health thereafter engaged leading, independent cybersecurity experts to conduct a comprehensive investigation. On July 26, 2023, the investigation determined that unauthorized actors had access to Arietis Health’s MOVEit server on May 31, 2023, and may have acquired certain files which contained data belonging to patients of the Healthcare Entities. On August 3, 2023, Arietis Health informed NorthStar Anesthesia of the incident, and reviewed the impacted data to determine what information may have been involved in the incident.
This incident may have involved the following information for patients of the Healthcare Entities listed below, including patient names, dates of birth, driver’s license or other state identification card numbers, addresses, Social Security numbers, medical record numbers, patient account numbers, health insurance information, diagnosis and treatment information, clinical and prescription information, and/or provider information.
Arietis Health is sending letters with information about the incident to patients of the Healthcare Entities whose information may have been involved. Arietis is also offering those patients complimentary credit and identity monitoring services, and encourages them to enroll in those services. In addition, Arietis Health has established a toll-free call center to answer questions about the incident and to address related concerns. Call center representatives are available Monday through Friday, from 9:00 a.m. to 9:00 p.m. Eastern Time, excluding major U.S. holidays, and can be reached at 855-657-4306 or you can go to https://app.medicalshield.cyex.com/enrollment/activate/.
The privacy and protection of the information it maintains is a top priority for Arietis Health, and Arietis Health deeply regrets any inconvenience or concern this incident may cause.
Please see below for a list of the Healthcare Entities whose patient data may have been involved in the incident. Also included below are additional steps affected individuals can take to protect their information.
AmSol Physicians of Elkin, NC, PLLC
Anesthesia Company of Houston, PLLC
Anesthesia Resources Management Solutions, Inc
Coronado Anesthesia, PLLC
Digestive Health Specialists of SE
Dupont Anesthesia, PSC
Epix Anesthesia of Alabama, LLC
Epix Anesthesia of Tennessee, PLLC
Epix Medical Services of Houston, PLLC
Gastro South Anesthesia, LLC
Gastroenterology Consultants of Augusta, PC
GI Associates of West Alabama, PC
KBS Anesthesia, Inc
Lehigh Anesthesia Associates, PC
Northeast Gastroenterolgy Center, Inc
Northern Tier Gastroenterology, Inc
Northern Virginia Surgery Center Anesthesia, LLC
NorthStar Anesthesia II, PA
NorthStar Anesthesia III, PA
NorthStar Anesthesia of Delaware, LLC
NorthStar Anesthesia of Illinois, LLC
NorthStar Anesthesia of Indiana II, LLC
NorthStar Anesthesia of Indiana, LLC
NorthStar Anesthesia of Kansas, LLC
NorthStar Anesthesia of Kentucky, PLLC
NorthStar Anesthesia of Michigan II, PC
NorthStar Anesthesia of Michigan III, PLLC
NorthStar Anesthesia of Michigan, LLC
NorthStar Anesthesia of Mississippi, LLC
NorthStar Anesthesia of Missouri, LLC
NorthStar Anesthesia of Montana, PLLC
Northstar Anesthesia of Nebraska, PLLC
NorthStar Anesthesia of Ohio, LLC
NorthStar Anesthesia of Oklahoma, PLLC
NorthStar Anesthesia of Pennsylvania, LLC
NorthStar Anesthesia of Tennessee, PLLC
NorthStar Anesthesia of Virginia, LLC
NorthStar Anesthesia of West Virginia, PLLC
NorthStar Anesthesia, PA
NSA Pain Services of Michigan III, PLLC
NSA Pain Services of Michigan, PLLC
Nurse Anesthesia of North Carolina, PLLC
Orange City Anesthesia Services, LLC
PhySynergy, LLC AL
PhySynergy, LLC TN
Professional Anesthesia Group, LLC
Professional Anesthesia Services of Kentucky, PLLC
River Cities Anesthesia, LLC
Riverside Anesthesia Services, LLC
Sarasota Anesthesia Services, LLC
Sentry Anesthesia Management, LLC
Southwest Ohio Anesthesia Consultants, LLC
Space Coast Anesthesia, LLC
Sunset Anesthesia, LLC
What steps can I take to protect my information?
While Arietis Health has no evidence of the misuse of any potentially affected individual’s information as a result of this incident, Arietis Health is providing the following information about steps that individuals can take to help protect their information:
Review Your Account Statements and Notify Law Enforcement of Suspicious Activity: As a precautionary measure, we recommend that you review your account statements and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission (FTC). You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows:
- Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Ave, NW, Washington, DC 20580, 1-877-IDTHEFT (438-4338), consumer.ftc.gov, www.ftc.gov/idtheft.
Copy of Credit Report: You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting http://www.annualcreditreport.com/, calling toll-free 877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You can print this form at https://www.annualcreditreport.com/cra/requestformfinal.pdf. You also can contact one of the following three national credit reporting agencies:
- Equifax, P.O. Box 740241, Atlanta, GA 30374, 1-800-525-6285, equifax.com.
- Experian, P.O. Box 9532, Allen, TX 75013, 1-888-397-3742, experian.com.
- TransUnion, P.O. Box 1000, Chester, PA 19016, 1-800-916-8800, transunion.com.
Additional Free Resources: You can obtain information from the consumer reporting agencies, the FTC, or from your respective state attorney general about fraud alerts, security freezes, and steps you can take toward preventing identity theft. You may report suspected identity theft to local law enforcement, including to the FTC or to the attorney general in your state.
Additional information for residents of the following states:
|Pennsylvania Attorney General
Harrisburg, PA 17120
|Maryland Attorney General
200 St. Paul Place
Baltimore, MD 21202
|New York Attorney General
Bureau of Internet and Technology Resources
28 Liberty Street
New York, NY 10005
|North Carolina Attorney General
9001 Mail Service Center
Raleigh, NC 27699
|Rhode Island Attorney General
150 South Main Street
Providence, RI 02903
|Washington D.C. Attorney General
441 4th Street, NW
Washington, DC 20001