Mirra Health Care, LLC (“Mirra”) announced today that it had discovered that certain personal information of 1064 individuals was disclosed by a Mirra employee. The information, which Mirra had stored on behalf of Access Health Care PLLC, was disclosed due to an inappropriate disclosure by the employee. Affected individuals will be individually notified by letter.
The employee was hired to perform information technology services and, as part of the employee’s duties, on July 27, 2020 was given access to data files containing personal information. In violation of Mirra’s information security policies, and without authorization to do so, this employee, in turn, gave access to an individual outside of Mirra. Mirra learned of this disclosure on or around September 3, 2020. The employee’s access to personal information was immediately revoked and all data was removed from the location where it had been stored. Originally, the employee in question provided assurances that all copies of the information had been destroyed and not further used or disclosed, and Mirra had reason to believe such was the case. Unfortunately, Mirra was unable to definitively confirm this understanding.
Included in the disclosed information was the following information about these individuals: name, in some cases social security number, address, phone number, date of birth, health insurance plan name and policy numbers, and information concerning health. At this time, Mirra is unaware of any improper use of the information that was accessed, and it is possible that all the data was destroyed without further use or disclosure.
Mirra has investigated, and is continuing to investigate, this incident. It has also taken steps to limit future security incidents and taken appropriate action with regard to the employee in question.
Mirra is providing impacted individuals with one year of free credit monitoring services through Kroll. Mirra encourages individuals to take steps to protect themselves from any unwanted use of information, which may include monitoring credit reports on a regular basis, reporting any irregular activity to banks or credit card companies, placing a credit freeze on credit files, and/or placing a fraud alert on credit reports.
Those whose personal information has been misused can obtain information about steps to take to avoid identity theft by visiting the FTC’s site at IdentityTheft.gov to get recovery steps and to file an identity theft complaint. They also can call the FTC’s Consumer Response Center at 1-877-FTC-HELP (1-877-382-4357) or contact the FTC by mail at 600 Pennsylvania Avenue, NW, Washington, DC 20580.
If you have any questions about this incident, please contact Mirra at 352-410-1550 and ask for Juan Triana, or you can send questions by mail to Mirra Health Care, 1202 Mariner Blvd Spring Hill, FL 34609 or by email to privacy@mirrahealthcare.com.