Menu Close

Notice of Network Security Incident

Notice Regarding Network Security Incident 

CCM Health is committed to our employees and our patients, their treatment, and their families – as well as protecting the privacy and security of their personal information. We learned certain systems within our network environment were affected by a cybersecurity incident that resulted in the unauthorized access to and/or acquisition of certain files from the network, which occurred between April 3, 2023, and April 10, 2023. As soon as we became aware of this issue, we launched an immediate and thorough investigation and alerted law enforcement.

As part of the investigation, we engaged leading third-party cybersecurity professionals experienced in handling these types of incidents. The investigation aimed to determine the extent of the activity, and whether individual personal information, if any, may have been accessed or acquired by an unauthorized third party. Upon completing the investigation, we identified the files that were subject to unauthorized access and/or acquisition and we determined the impacted files likely contain sensitive data; including personal information and protected health information. We conducted an extensive manual review of the impacted files to determine the scope of the affected information and to identify the individuals to whom the data belongs. On February 12, 2024 we discovered that some of the files contained individual identifiable personal and/or health information. The potentially affected data includes individual names, addresses, dates of birth, driver’s license or other state identification numbers, passport numbers, Social Security numbers, financial account numbers, routing numbers, payment card numbers, health insurance information, and medical information. If medical information was involved, this may include a medical record number, patient account number, prescription information, healthcare provider’s name, medical diagnosis, diagnosis code, treatment type, treatment location, treatment date, admission date, discharge date, and/or lab results. This is not an exhaustive list, nor can we confirm that each aforementioned data element was affected as it relates to all affected individuals. We began notifying affected individuals via U.S. mail, and will offer complementary credit monitoring services to those whose Social Security numbers were involved.

We remind individuals to remain vigilant in reviewing financial account statements on a regular basis for any fraudulent activity. We also recommend that our patients and their families review the explanation of benefits statements, and follow up on any items not recognized.  Additional safeguards to protect personal and health information are below.

Privacy and security are our top priorities. We have taken immediate action to protect health and personal information and are enhancing our cybersecurity protocols. We continuously evaluate and refine our practices to enhance the security and privacy of personal and protected health information, and we are implementing measures to reinforce our existing cybersecurity protocols.

For any questions or further information regarding this incident, please contact our dedicated toll-free response line at 1-833-966-0881. The response line is available Monday through Friday, 7:00 a.m to 7:00 p.m. CST, excluding holidays. We appreciate your understanding as we respond to this unfortunate incident. 

Other Important Information

Placing a Fraud Alert on Your Credit File.

We recommend that you place an initial 1-year “fraud alert” on your credit files, at no charge. A fraud alert tells creditors to contact you personally before they open any new accounts. To place a fraud alert, call any one of the three major credit bureaus at the numbers listed below. As soon as one credit bureau confirms your fraud alert, they will notify the others. 

P.O. Box 105069
Atlanta, GA 30348-5069
(800) 525-6285

P.O. Box 9554
Allen, TX 75013
(888) 397-3742

Fraud Victim Assistance Department
P.O. Box 2000
Chester, PA 19016-2000
(800) 680-7289

Consider Placing a Security Freeze on Your Credit File.

If you are very concerned about becoming a victim of fraud or identity theft, you may request a “Security Freeze” be placed on your credit file, at no charge. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by contacting all three nationwide credit reporting companies at the numbers below and following the stated directions or by sending a request in writing, by mail, to all three credit reporting companies:

Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348-5788

Experian Security Freeze
P.O. Box 9554
Allen, TX 75013
(888) 397-3742

TransUnion Security Freeze
P.O. Box 160
Woodlyn, PA 19094
(888) 909-8872

In order to place the security freeze, you will need to supply your name, address, date of birth, Social Security number and other personal information. After receiving your freeze request, each credit reporting company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.

Obtaining a Free Credit Report.

Under federal law, you are entitled to one free credit report every 12 months from each of the above three major nationwide credit reporting companies. Call 1-877-322-8228 or request your free credit reports online at Once you receive your credit reports, review them for discrepancies. 

Identify any accounts you did not open or inquiries from creditors that you did not authorize. Verify all information is correct. If you have questions or notice incorrect information, contact the credit reporting company. 

Protecting Your Health Information.

As a general matter, the following practices can help to protect you from medical identity theft. 

• Only share your health insurance cards with your health care providers and other family members who are covered under your insurance plan or who help you with your medical care. 

• Review your “explanation of benefits” statement that you receive from your health insurance company. Follow up with your insurance company or the care provider for any items you do not recognize. If necessary, contact the care provider on the explanation of benefits statement and ask for copies of medical records from the date of the potential disclosure (April 3, 2023) to current date. 

• Ask your insurance company for a current year-to-date report of all services paid for you as a beneficiary. Follow up with your insurance company or care provider for any items you do not recognize. 

Additional Helpful Resources.

Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Checking your credit report periodically can help you spot problems and address them quickly. 

If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call your local law enforcement agency and file a police report. Be sure to obtain a copy of the police report, as many creditors will want the information it contains to absolve you of the fraudulent debts. You may also file a complaint with the FTC by contacting them on the web at, by phone at 1-877-IDTHEFT (1-877-438-4338), or by mail at Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcement for their investigations. In addition, you may obtain information from the FTC about fraud alerts and security freezes. 

If your personal information has been used to file a false tax return, to open an account or to attempt to open an account in your name or to commit fraud or other crimes against you, you may file a police report in the City in which you currently reside. 

To view our notification concerning the network security incident, please click here.