Cyber Incident Victim: Metro Infectious Disease Consultants
Date: Jun 2021
Location: United States of America
Summary
Metro Infectious Disease Consultants experienced a security incident where unauthorized third parties accessed certain employee email accounts, potentially exposing personal information of 171,740 individuals. The compromised data varied per individual but could include names, contact details, dates of birth, insurance and medical details, Social Security numbers, and driver’s license numbers. The organization secured the affected accounts, engaged forensic experts to investigate, and implemented additional security measures. Notification letters were sent to potentially impacted individuals, with complimentary credit monitoring offered to those whose Social Security or driver’s license numbers were involved. A dedicated helpline was established to address inquiries related to the incident.
Description
On June 24, 2021, Metro Infectious Disease Consultants (MIDC) identified unauthorized access to certain employee email accounts by an external party. The organization initiated an investigation but found no evidence confirming that personal information was actually viewed or acquired by the unauthorized actor. MIDC also stated there was no indication of fraud or identity theft stemming from the incident. Despite this uncertainty, MIDC conducted a review of the compromised email accounts and determined they contained personal information belonging to 171,740 individuals. The exposed data varied per individual but potentially included names, addresses, dates of birth, account numbers, insurance details, prescription information, limited clinical data, Social Security numbers, and driver's license numbers.

Following the discovery, MIDC immediately secured the affected email accounts to prevent further unauthorized access. The organization engaged a forensic security firm to investigate the breach and assess the integrity of its email and computer systems. MIDC also began evaluating additional security enhancements to prevent future incidents. Notification letters were sent to all potentially impacted individuals with valid mailing addresses, accompanied by offers for complimentary identity protection and credit monitoring services specifically for those whose Social Security numbers or driver's license numbers were exposed. The notices included guidance on monitoring credit reports, account statements, and benefit statements for suspicious activity, along with instructions to report any detected fraud to relevant institutions and law enforcement agencies. MIDC established a toll-free inquiry line, operational during Central Time business hours, to address concerns related to the incident.
