Skip to content
Notice of Data Security Incident
PROWERS COUNTY HOSPITAL DISTRICT, A COLORADO SPECIAL HEALTH DISTRICT, IS PROVIDING NOTICE OF AN INCIDENT THAT MAY AFFECT THE PRIVACY OF PERSONAL INFORMATION.
Prowers County Hospital District, a Colorado special health district, commonly known as “Prowers Medical Center” is providing notice of an incident that may affect the privacy of personal information. We prioritize providing high-quality care and being your leader in complete and compassionate care, which includes privacy and securing information entrusted to us. Upholding privacy standards and providing nondiscriminatory care are highly valued at Prowers Medical Center. Regrettably, an incident impacting an outside law firm, one of our business associates, may affect the privacy of personal information. While there is no evidence that Prowers Medical Center’s data was actually accessed, we provide this notice in an abundance of caution.
Potentially affected individuals have or will receive additional correspondence by mail. You may also contact 1-800-939-4170 to find out if your information may have been exposed.
What Happened? On January 29, 2022, Sherman & Howard, LLC (our business associate) (the “firm”) discovered a potential unauthorized access to its network. The firm further investigated to determine the nature and scope of the incident.
On May 31, 2022, based on its investigation, the firm determined that unauthorized access began on January 25, 2022, and ended on January 29, 2022. The firm also determined that limited information related to Prowers Medical Center from a single case file may have been impacted as part of this event. While the firm has no evidence that the case file related to Prowers Medical Center was actually accessed as part of this event, the firm’s team reviewed the file for sensitive information in an abundance of caution.
At the conclusion of the investigation, the firm informed Prowers Medical Center that files associated with a single legal matter were potentially exposed in the incident but there is no evidence of misuse of this information. As part of its response, the firm took steps to enhance the security of its systems including immediately implementing 24x7x365 security event monitoring, mandatory password changes, updating firewall settings to block traffic from countries known for malicious behavior, enabling multifactor authentication on additional accounts, and enhancing the deployment of Carbon Black’s EDR threat hunting tools across its system.
There is also no indication of ongoing unauthorized activity on the firm’s network. Prowers Medical Center’s network was not directly affected.
Please note that Prowers Medical Center’s network was not directly affected. Records have been and remain available to our administrative teams and medical providers. We continue to provide the quality care and services our community, patients, and employees have come to expect.
What Information Was Involved? The information that may have been exposed varies in quantity and type for each person. The information may include one or more items including first and last names, date of birth, address, limited medical treatment or diagnosis information, insurance information, and in some cases the patient’s diagnosis and Social Security Numbers.
What Are We Doing? We regret the situation and its impact on our patients, employees, and all potentially impacted individuals. To safeguard our patient information, we will continue to monitor our business associate’s remedial actions. We continue to review and update our information security policies and requirements for all business associates. We also continue to evaluate our local IT system.
We are offering FREE identity theft protection services for 24 months through IDX, the data breach and recovery services expert, to individuals whose data may have been exposed. IDX identity protection services include 24 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services. With this protection, IDX will help you resolve issues if your identity is compromised.
Potentially affected individuals have or will receive additional correspondence by mail. You may also contact 1-800-939-4170 to find out if your information may have been exposed.
Whom Should Individuals Contact for More Information? To get further information, you may call a toll-free number 1-800-939-4170 from 7 a.m. – 7 p.m. Mountain Time, Monday through Friday. We are sorry for any inconvenience or concern this incident may cause you.
For more information about Prowers Medical Center’s privacy practices, please view our notice of privacy practices.
Additional Important Information
We encourage you to contact IDX with any questions. Potentially impacted or eligible individuals may enroll in free identity protection services by calling 1-800-939-4170 or going to https://app.idx.us/account-creation/protect and using the Enrollment Code provided above. IDX representatives are available Monday through Friday from 7 am – 7 pm Mountain Time. Please note the deadline to enroll is December 29, 2022.
Again, at this time, there is no evidence that your information has been misused. However, we encourage you to take full advantage of this service offering. IDX representatives have been fully versed on the incident and can answer questions or concerns you may have regarding protection of your personal information.
As a precautionary measure, we also recommend that you remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing your account statements and monitoring credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities, including the police and your state’s attorney general, as well as the Federal Trade Commission (“FTC”).
You may wish to review the tips provided by the FTC on fraud alerts, security/credit freezes and steps you can take to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). You may also contact the FTC at Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
Credit Reports: You may obtain a free copy of your credit report once every 12 months from each of the three national credit reporting agencies by visiting www.annualcreditreport.com, by calling toll-free at 1-877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You can print a copy of the request form at:
https://www.annualcreditreport.com/manualRequestForm.action.
Alternatively, you may elect to purchase a copy of your credit report by contacting one of the three national credit reporting agencies. Contact information for the three national credit reporting agencies for the purpose of requesting a copy of your credit report or for general inquiries is as follows:
| Equifax
P. O Box 740241 Atlanta, GA 30348 |
Experian
P.O. Box 9554 Allen, TX 75013 |
TransUnion
P.O. Box 160 Woodlyn, PA 19094 |
Fraud Alerts: You may want to consider placing a fraud alert on your credit report. A fraud alert is free and will stay on your credit report for one (1) year. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any new accounts in your name. To place a fraud alert on your credit report, contact any of the three national credit reporting agencies using the contact information listed above. Additional information is available at www.annualcreditreport.com.
Credit and Security Freezes: You may have the right to place a credit freeze, also known as a security freeze, on your credit file, so that no new credit can be opened in your name without the use of a PIN number that is issued to you when you initiate the freeze. A credit freeze can be placed without any charge and is designed to prevent potential credit grantors from accessing your credit report without your consent. If you place a credit freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze. Therefore, using a credit freeze may delay your ability to obtain credit. Unlike a fraud alert, you must separately place a credit freeze on your credit file at each credit reporting company. Since the instructions for how to establish a credit freeze differ from state to state, please contact the three major credit reporting companies as specified below to find out more information:
| Equifax Security Freeze
P.O. Box 105788 Atlanta, GA 30348 |
Experian Security Freeze
P.O. Box 9554 Allen, TX 75013 |
TransUnion Security Freeze
P.O. Box 160 Woodlyn, PA 19094 |
This notification was not delayed by law enforcement. Individuals interacting with credit reporting agencies have rights under the Fair Credit Reporting Act.
We encourage you to review your rights under the Fair Credit Reporting Act by visiting https://files.consumerfinance.gov/f/documents/bcfp_consumer-rights-summary_2018-09.pdf, or by requesting information in writing from the Consumer Financial Protection Bureau, 1700 G Street N.W., Washington, DC 20552.
California Residents: Visit the California Office of Privacy Protection (www.oag.ca.gov/privacy) for additional information on protection against identity theft. Office of the Attorney General of California, 1300 I Street, Sacramento, CA 95814, Telephone: 1-800-952-5225.
Colorado Residents: Colorado residents may contact the Office of the Attorney General to obtain more information. 1300 Broadway, 10th Floor Denver, CO 80203, https://coag.gov/about-us/contact-colorado-office-attorney-general/, Telephone: 720-508-6000.
Iowa Residents: Iowa residents can contact the Office of the Attorney general to obtain information about steps to take to avoid identity theft from the Iowa Attorney General’s office at: Office of the Attorney General of Iowa, Hoover State Office Building, 1305 E. Walnut Street, Des Moines IA 50319, 515-281-5164.
Kentucky Residents: Office of the Attorney General of Kentucky, 700 Capitol Avenue, Suite 118 Frankfort, Kentucky 40601, www.ag.ky.gov, Telephone: 1-502-696-5300.
Maryland Residents: Maryland residents can contact the Office of the Attorney General to obtain information about steps you can take to avoid identity theft from the Maryland Attorney General’s office at: Office of the Attorney General, 200 St. Paul Place, Baltimore, MD 21202, (888) 743-0023, http://www.marylandattorneygeneral.gov/.
New York State Residents: New York residents can obtain information about preventing identity theft from the New York Attorney General’s Office at: Office of the Attorney General for the State of New York, Bureau of Consumer Frauds & Protection, The Capitol, Albany, New York 12224-0341; https://ag.ny.gov/consumer-frauds/identity-theft; (800) 771-7755.
North Carolina Residents: North Carolina residents can obtain information about preventing identity theft from the North Carolina Attorney General’s Office at: North Carolina Attorney General’s Office, Consumer Protection Division, 9001 Mail Service Center, Raleigh, NC 27699-9001; 877-5-NO-SCAM (Toll-free within North Carolina); 919-716-6000; www.ncdoj.gov.
Oregon Residents: Oregon Department of Justice, 1162 Court Street NE, Salem, OR 97301-4096, www.doj.state.or.us/, Telephone: 877-877-9392
Rhode Island Residents: Rhode Island residents can contact the Office of the Attorney general at: Rhode Island Office of the Attorney General, 150 South Main Street, Providence, RI 02903, (401) 274-4400, www.riag.ri.gov. You have the right to obtain any police report filed in regard to this incident. If you are the victim of identity theft, you also have the right to file a police report and obtain a copy of it.
Vermont Residents: If you do not have internet access but would like to learn more about how to place a security freeze on your credit report, contact the Vermont Attorney General’s Office at 802-656-3183 (800-649-2424 toll-free in Vermont only).
All US Residents: Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW Washington, DC 20580, https://consumer.ftc.gov, 1-877-IDTHEFT (438-4338), TTY: 1-866-653-4261.