Anne Arundel Gastroenterology Associates, P.A., The Maryland Center for Digestive Health, LLC, and Bestgate Anesthesia, LLC Informational Website
May 28, 2025: Notice of Data Security Incident
Covenant Surgical Partners, Inc. (“CSP”) is providing notice of a recent cybersecurity incident that may have affected your personal information. CSP works with health care providers, including Anne Arundel Gastroenterology Associates, P.A., The Maryland Center for Digestive Health, LLC, and Bestgate Anesthesia, LLC, from which you may have received services or paid for someone else’s services. We are committed to protecting your information. This commitment includes notifying you if we believe that an incident may have involved your personal information. This letter provides information about the incident and the resources available to you.
Since it is possible that CSP may not have sufficient addresses for all potentially affected individuals, CSP is posting this substitute notice consistent with HIPAA.
What happened?
On February 22, 2025, CSP discovered that certain systems within its network may have been subject to unauthorized activity. Upon discovery, we took immediate steps to contain the threat and engaged a leading forensic firm at the direction of counsel to assist with investigation and remediation efforts. Through the investigation, on February 25, 2025, CSP determined that an unauthorized third party was able to access and remove data from its network on February 22, 2025. CSP performed a comprehensive review to identify individuals affected by this incident and to whom they belong. This review was completed on April 23, 2025, and we notified the above listed providers of the incident on April 25, 2025. CSP has since worked with those providers to locate and verify addresses for potentially affected individuals where possible, which was completed on May 9, 2025. To date, we are not aware of any misuse of individuals’ data.
What information may have been involved?
The personal information involved may have included one or more of the following elements: (1) information to identify and contact individuals (such as name, date of birth, address, and email address); (2) Social Security number; (3) driver’s license or state ID number or other government-issued identifier, and/or financial account information; (4) health insurance information (insurer name, subscriber name, policy information including type and policy number, Medicaid or Medicare numbers, and billing and claims information); and/or (3) patient medical information (medical record number, patient account number, provider name, diagnosis information, imaging or test results, and treatment and prescription information). Not all data elements were involved for each individual.
Also, some of this information may have related to guarantors. A guarantor is the person who agrees to pay the bill for health care services but is not the patient.
What we are doing.
CSP takes privacy and security very seriously. As soon as we discovered the incident, we immediately took action to mitigate and remediate the incident and to help prevent further unauthorized activity. We continue to enhance our security controls and monitoring practices as appropriate to minimize the risk of any similar incident in the future.
What you can do.
While we are not aware of any misuse of individuals’ information as a result of this incident to date, the below Reference Guide includes steps you may take to help monitor and protect your personal information. We also encourage you to carefully review statements sent from healthcare providers and insurance companies to ensure that all account activity is valid. Any questionable charges should be promptly reported to the provider or company with which the account is maintained.
Complimentary credit monitoring and identity protection services are also being offered to the limited subset of individuals whose Social Security number, driver’s license/state ID number or other government identifier, or financial account information may have been involved. Instructions on how to activate these services are included in the notice letters sent to affected individuals. For additional information, please call the toll-free number listed below.
For more information.
If you have any questions about this matter or would like additional information (including which types of your data may have been involved), please refer to the below Reference Guide or call toll-free 1-855- 200-7965. This call center is open from 9 am – 9 pm Eastern Time, Monday through Friday, except holidays.
We deeply regret any concern this incident may cause and want to assure you that we take this matter seriously.
REFERENCE GUIDE
Review Your Account Statements
Carefully review statements sent to you from your healthcare providers, insurance company, and financial institutions to ensure that all of your account activity is valid. Report any questionable charges promptly to the provider or company with which you maintain the account.
Provide Any Updated Personal Information to Your Health Care Provider
Your health care provider’s office may ask to see a photo ID to verify your identity. Please bring a photo ID with you to every appointment if possible. Your provider’s office may also ask you to confirm your date of birth, address, telephone, and other pertinent information so that they can make sure that all of your information is up-to-date. Please be sure and tell your provider’s office when there are any changes to your information. Carefully reviewing this information with your provider’s office at each visit can help to avoid problems and to address them quickly should there be any discrepancies.
Order Your Free Credit Report
To order your free annual credit report, visit www.annualcreditreport.com, call toll-free at (877) 322-8228, or complete the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s (“FTC”) website at www.ftc.gov and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. The three credit bureaus provide free annual credit reports only through the website, toll-free number or request form.
Upon receiving your credit report, review it carefully. Look for accounts you did not open. Look in the “inquiries” section for names of creditors from whom you have not requested credit. Some companies bill under names other than their store or commercial names; the credit bureau will be able to tell if this is the case. Look in the “personal information” section for any inaccuracies in information (such as home address and Social Security Number).
If you see anything you do not understand, call the credit bureau at the telephone number on the report. Errors may be a warning sign of possible identity theft. You should notify the credit bureaus of any inaccuracies in your report, whether due to error or fraud, as soon as possible so the information can be investigated and, if found to be in error, corrected. If there are accounts or charges you did not authorize, immediately notify the appropriate credit bureau by telephone and in writing. Information that cannot be explained should also be reported to your local police or sheriff’s office because it may signal criminal activity.
Contact the U.S. Federal Trade Commission
If you detect any unauthorized transactions in any of your financial accounts, promptly notify the appropriate payment card company or financial institution. If you detect any incidents of identity theft or fraud, promptly report the matter to your local law enforcement authorities, state Attorney General and the FTC.
You can contact the FTC to learn more about how to protect yourself from becoming a victim of identity theft by using the following contact information: Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580; 1-877-IDTHEFT (438-4338); www.ftc.gov/idtheft/.
Place a Fraud Alert on Your Credit File
To protect yourself from possible identity theft, consider placing a fraud alert on your credit file. A fraud alert helps protect against the possibility of an identity thief opening new credit accounts in your name. When a credit grantor checks the credit history of someone applying for credit, the credit grantor gets a notice that the applicant may be the victim of identity theft. The alert notifies the credit grantor to take steps to verify the identity of the applicant. You can place a fraud alert on your credit report by calling any one of the toll-free fraud numbers provided below. You will reach an automated telephone system that allows flagging of your file with a fraud alert at all three credit bureaus.
Equifax
P.O. Box 105069
Atlanta, Georgia 30348
1- 888-766-0008
Experian
P.O. Box 9554
Allen, Texas 75013
1-888-397-3742
TransUnion
P.O. Box 2000
Chester, PA 19016
1-800-680-7289
Security Freezes
You have the right to request a credit freeze from a consumer reporting agency, free of charge, so that no new credit can be opened in your name without the use of a PIN number that is issued to you when you initiate a freeze. A security freeze is designed to prevent potential credit grantors from accessing your credit report without your consent. If you place a security freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze. Therefore, using a security freeze may delay your ability to obtain credit.
Unlike a fraud alert, you must separately place a security freeze on your credit file at each credit bureau. To place a security freeze on your credit report you must contact the credit reporting agency by phone, mail, or secure electronic means and provide proper identification of your identity. The following information must be included when requesting a security freeze (note that if you are requesting a credit report for your spouse, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue.
Below, please find relevant contact information for the three consumer reporting agencies:
| Equifax Security Freeze
P.O. Box 105788 Atlanta, GA 30348 1-800-685-1111 |
| Experian Security Freeze
P.O. Box 9554 Allen, TX 75013 1-888-397-3742 |
| TransUnion
P.O. Box 160 Woodlyn, PA 19094 1-888-909-8872 |
Once you have submitted your request, the credit reporting agency must place the security freeze no later than 1 business day after receiving a request by phone or secure electronic means, and no later than 3 business days after receiving a request by mail. No later than 5 business days after placing the security freeze, the credit reporting agency will send you confirmation and information on how you can remove the freeze in the future.
On request, any of the three nationwide consumer credit reporting companies can place a free fraud alert in your file to alert potential creditors that you may be a victim of identity theft; a fraud alert can make it more difficult for someone to get credit in your name because it tells creditors to follow certain procedures to protect you.
A fraud alert will help prevent someone from opening new accounts in your name. As soon as one credit reporting bureau confirms your fraud alert, the others are automatically notified to place fraud alerts as well. All three bureaus will mail you a confirmation letter and you will be able to order complimentary credit reports for your review.
The easiest way to place an alert is by visiting www.transunion.com or https://fraud.transunion.com/fa/fraudAlert.
You will answer some questions to confirm your identity, and then a 90-day fraud alert will be added to your credit file. TransUnion will give you access to view your report online. You should examine it carefully for accuracy. TransUnion will also share this information with Equifax and Experian who will both mail you confirmation letters containing a number to call to order complimentary copies of your credit reports for review.
To contact one of the credit reporting bureaus, please see below:
Equifax: 1-800-525-6285
PO Box 740260
Atlanta, GA 30374
Experian: 1-888-397-3742
PO Box 9554
Allen, TX 75013
TransUnion: 1-800-680-7289
PO Box 2000
Chester, PA 19016
It is only necessary to contact one of these bureaus and use one of these methods.
You will not be charged for this service. Please note placing a fraud alert may delay your ability to open new lines of credit quickly.
Whether or not you choose to enroll in the IDX identity protection program, you can order a copy of your credit report, for free, once a year from each credit reporting bureau. You can obtain a free credit report by visiting www.annualcreditreport.com or by calling 1-877-322-8228.
When you receive any credit report, you should review it carefully. Look for accounts you did not open. Look for inquiries from creditors that you did not initiate. Look for personal information, such as home address, employment or Social Security numbers, that are not accurate. If you see anything you do not understand, call the credit reporting bureau at the telephone number on the report.
If your credit report indicates fraud or identity theft, call your local police or sheriff’s office and file a report of identity theft. Get a copy of the police report. You may need to give copies of the police report to creditors to clear up your records. If you suspect that you may be a victim of identity theft and you have enrolled in the IDX identity protection program, you should contact them immediately. You will be able to speak with a knowledgeable advocate about your situation and, if needed, they will open a case to resolve the identity theft on your behalf.
Should you wish to learn more about identity theft and how to protect yourself, you may contact the Federal Trade Commission at 1-877-438-4338. The FTC website, www.consumer.ftc.gov, also offers additional information on identity theft that you may find helpful.
The security freeze (or credit freeze) is an option best reserved for people who have experienced extreme identity theft. Because the freeze essentially locks down your credit, it is not a good option for people who are simply seeking extra protection for their credit. We feel that credit monitoring, fraud alerts, and victim restoration services are more than sufficient options for defense against identity theft.
A security freeze will not prevent you from enrolling in our services. You can certainly sign up with us and do not need to lift the freeze to do so. The reason for this is because we do not request your Social Security number to enroll—only name, address, phone, and email. None of these items would necessitate a credit inquiry. However, a security freeze will affect your ability to activate the monitoring portion of your membership. To activate the monitoring portion you will need to temporarily lift your security freeze.
To learn more about security freezes and relevant state laws, contact your State Attorney General’s office or visit the Federal Trade Commission’s website for credit freeze information.
Please note that you must have an established credit file and credit history to place a fraud alert, a credit freeze or utilize www.annualcreditreport.com.