Medico of South Carolina (“Medico”) values the relationship we have with our clients and understands the importance of protecting personal information. This notice relates to a security incident that may have involved some of our clients’ patients' personal information.

On June 20, 2019, a security research firm notified us that a computer server we use to store medical information was accessible over the internet. Upon learning of this, we immediately began an investigation and terminated all access to the affected server.

A thorough investigation was conducted to determine what happened, who was impacted, and what information may have been affected. This investigation determined the incident was caused by an employee who inadvertently misconfigured the settings, which caused the server to be temporarily accessible from the internet. While Medico has no evidence that the server was accessed by anyone other than the security research firm and Medico employees, the server was used to store information related to patient care, including name, address, date of birth, insurance ID, and physician’s name and address. Social Security numbers and financial information were not stored on the affected server.

At this time, Medico has no evidence that the affected individuals’ information has been misused. However, in an abundance of caution, Medico mailed letters to the potentially affected individuals on September 16, 2019. Medico established a dedicated phone line for individuals to call with any questions.

Individuals who believe they are affected by this incident but who have not received a letter by September 23, 2019 are encouraged to call 855-939-0542, Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern Standard Time. To help prevent a similar incident from happening in the future, Medico has reconfigured the server so that this information is no longer accessible from the internet and added additional security to its internet-based storage platforms. Medico is also providing additional and ongoing staff data security training and reviewing existing security and privacy policies to enhance the security protections it already has in place.

Medico deeply regrets any inconvenience caused by this incident.