Nationwide Optometry
and SightCare
Web informatif

 October 28, 2022 Notice of Data Security Incident

USV Optical, Inc., a subsidiary of U.S. Vision, Inc., (“U.S. Vision”) experienced a data security incident that may have affected your personal information. Nationwide Optical Group, LLC acquired or became affiliated with several entities from U.S. Vision in September 2019, including Nationwide Optometry, P.C. (“Nationwide Optometry”) and SightCare Inc. (“SightCare” and collectively, “we”, “us”, or “our”). Following this, U.S. Vision continued to provide us with some administrative services as a business associate to us. The records reviewed by U.S. Vision indicate that you may have received services from us at some point in the past.

U.S Vision has represented to us that on May 12, 2021, U.S. Vision became aware of suspicious activity involving its computer network. U.S. Vision launched an investigation into the nature and scope of the incident with the assistance of cybersecurity specialists. Through its investigation, U.S. Vision learned that an unauthorized individual accessed its network intermittently between April 20, 2021 and May 17, 2021, and that files containing your information may have been viewed and/or taken by the unauthorized individual.

U.S. Vision informed us of this incident on May 12, 2021, but was unable to identify which entities or patients were affected by this incident. We immediately began communications with U.S. Vision to obtain more information regarding this incident and determine whether any of our patients were affected. We also insisted that U.S. Vision institute dark web monitoring for any potential Nationwide Optometry and SightCare data that could have been involved in this incident. U.S Vision did not report any instances of actual or attempted misuse of Nationwide Optometry or SightCare information through its dark web monitoring.

In addition, U.S. Vision has represented that, with third-party support, it conducted a comprehensive review of the impacted files to determine what information was affected and to whom the information related. On September 22, 2022, we received confirmation from U.S. Vision that your personal information was involved in this incident. We then conducted additional data enrichment and validation to further confirm impacted individuals and their mailing addresses, and the entities with which such individuals were associated. This review was completed on October 17, 2022.

Personal information involved in this incident may have included one or more of the following elements: (1) identifying information (such as full name, date of birth, and address); (2) Social Security number, taxpayer identification number, driver’s license or state identification number, and/or financial account information; (3) medical and/or treatment information (such as medical record number, dates of service, provider name, diagnosis or symptom information, and prescription/medication); (4) health insurance information (such as payor and subscriber/Medicare/Medicaid number); and (5) billing and claims information. Please note that not all data elements were present for all individuals. For a limited number of individuals, biometric data and/or email address or username and password were also included in the affected data.

U.S. Vision has stated that upon discovering the incident, it moved quickly to investigate and respond, assess the security of relevant U.S. Vision systems, and identify any impacted data. As part of its ongoing commitment to the security of information, U.S. Vision has stated that it is evaluating opportunities to improve security and to better prevent future events of this kind. We take privacy and security very seriously. This incident did not impact our systems or files—it occurred at and impacted only U.S. Vision systems and files. We have and continue to enhance our security controls and monitor our systems to ensure no similar activity occurs on our systems.

We are providing additional information on general steps individuals can take to monitor and protect their personal information in the below Reference Guide. Although U.S. Vision did not report any incidents of actual or attempted misuse of Nationwide Optometry or SightCare information through its dark web monitoring, individuals should carefully review credit reports and statements sent from healthcare providers and financial institutions as well as their insurance company to ensure that all account activity is valid. Any questionable charges should be promptly reported to the company which maintains the account. For individuals whose Social Security number, driver’s license/state ID number, and/or financial account information may have been involved, we have arranged to offer free credit monitoring and identity restoration services to these individuals.

We have established a dedicated assistance line for individuals seeking additional information regarding this incident. For the next 90 days, individuals who have questions about this matter or would like additional information can call toll-free 1-833-814-1705 during 6 am – 6 pm Pacific Time, Monday through Friday, except holidays. This substitute notice and toll-free number will remain active for at least 90 days.

Nationwide Optometry and SightCare are committed to protecting the privacy and security of personal information that it receives and deeply regrets any inconvenience and concern this incident may cause.  Individuals potentially affected by this incident are being mailed notice letters. Since it is possible there may be insufficient contact information for some individuals, however, this notice is also accessible via Nationwide Optometry’s and SightCare’s website, consistent with HIPAA.

Reference Guide

Review Your Account Statements

Carefully review statements sent to you from your healthcare providers, insurance company, and financial institutions to ensure that all of your account activity is valid.  Report any questionable charges promptly to the company with which you maintain the account.

Provide Any Updated Personal Information to Your Health Care Provider

Your health care provider’s office may ask to see a photo ID to verify your identity.  Please bring a photo ID with you to every appointment if possible.  Your provider’s office may also ask you to confirm your date of birth, address, telephone, and other pertinent information so that they can make sure that all of your information is up-to-date.  Please be sure and tell your provider’s office when there are any changes to your information.  Carefully reviewing this information with your provider’s office at each visit can help to avoid problems and to address them quickly should there be any discrepancies.

Order Your Free Credit Report

To order your free annual credit report, visit www.annualcreditreport.com, call toll-free at (877) 322-8228, or complete the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s (“FTC”) website at www.ftc.gov and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281.  The three credit bureaus provide free annual credit reports only through the website, toll-free number or request form.

Upon receiving your credit report, review it carefully.  Look for accounts you did not open.  Look in the “inquiries” section for names of creditors from whom you have not requested credit.  Some companies bill under names other than their store or commercial names; the credit bureau will be able to tell if this is the case.  Look in the “personal information” section for any inaccuracies in information (such as home address and Social Security Number).

If you see anything you do not understand, call the credit bureau at the telephone number on the report.  Errors may be a warning sign of possible identity theft.  You should notify the credit bureaus of any inaccuracies in your report, whether due to error or fraud, as soon as possible so the information can be investigated and, if found to be in error, corrected.  If there are accounts or charges you did not authorize, immediately notify the appropriate credit bureau by telephone and in writing.  Information that cannot be explained should also be reported to your local police or sheriff’s office because it may signal criminal activity.

Contact the U.S. Federal Trade Commission 

If you detect any unauthorized transactions in any of your financial accounts, promptly notify the appropriate payment card company or financial institution. If you detect any incidents of identity theft or fraud, promptly report the matter to your local law enforcement authorities, state Attorney General and the FTC.

You can contact the FTC to learn more about how to protect yourself from becoming a victim of identity theft by using the contact information below:

Federal Trade Commission
Consumer Response Center
600 Pennsylvania Avenue, NW
Washington, DC 20580
1-877-IDTHEFT (438-4338)
www.ftc.gov/idtheft/

Place a Fraud Alert on Your Credit File

To protect yourself from possible identity theft, consider placing a fraud alert on your credit file.  A fraud alert helps protect against the possibility of an identity thief opening new credit accounts in your name.  When a credit grantor checks the credit history of someone applying for credit, the credit grantor gets a notice that the applicant may be the victim of identity theft.  The alert notifies the credit grantor to take steps to verify the identity of the applicant.  You can place a fraud alert on your credit report by calling any one of the toll-free fraud numbers provided below.  You will reach an automated telephone system that allows flagging of your file with a fraud alert at all three credit bureaus.

Le gel de la sécurité

You have the right to request a credit freeze from a consumer reporting agency, free of charge, so that no new credit can be opened in your name without the use of a PIN number that is issued to you when you initiate a freeze.  A security freeze is designed to prevent potential credit grantors from accessing your credit report without your consent.  If you place a security freeze, potential creditors and other third parties will not be able to get access to your credit report unless you temporarily lift the freeze.  Therefore, using a security freeze may delay your ability to obtain credit.

Unlike a fraud alert, you must separately place a security freeze on your credit file at each credit bureau. To place a security freeze on your credit report you must contact the credit reporting agency by phone, mail, or secure electronic means and provide proper identification of your identity.  The following information must be included when requesting a security freeze (note that if you are requesting a credit report for your spouse, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles.  The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue.

Below, please find relevant contact information for the three consumer reporting agencies:

Once you have submitted your request, the credit reporting agency must place the security freeze no later than 1 business day after receiving a request by phone or secure electronic means, and no later than 3 business days after receiving a request by mail.  No later than five business days after placing the security freeze, the credit reporting agency will send you confirmation and information on how you can remove the freeze in the future.

Ressources supplémentaires

• Alertes à la fraude

• ---

• Sur demande, l’une des trois sociétés nationales d’évaluation du crédit à la consommation peut enregistrer gratuitement une alerte à la fraude dans votre dossier afin d’avertir les créanciers potentiels que vous pourriez être victime d’une usurpation d’identité. Une alerte à la fraude peut rendre plus difficile l’obtention d’un crédit en votre nom, car elle indique aux créanciers de suivre certaines procédures pour vous protéger.

  Une alerte à la fraude aidera à empêcher quelqu’un d’ouvrir de nouveaux comptes en votre nom. Dès qu’une agence d’évaluation du crédit confirme votre alerte à la fraude, les autres agences sont automatiquement informées de la nécessité de lancer également ces alertes. Les trois agences vous enverront une lettre de confirmation et vous pourrez commander gratuitement des rapports de solvabilité pour vérification.

  La façon la plus simple de placer une alerte est de consulter le site www.transunion.com or https://fraud.transunion.com/fa/fraudAlert.

  Vous répondrez à quelques questions afin de confirmer votre identité, puis une alerte à la fraude de 90 jours sera ajoutée à votre dossier de crédit. TransUnion vous donnera accès à la consultation de votre rapport en ligne. Vous devrez l’examiner attentivement pour en vérifier l’exactitude. TransUnion partagera également ces informations avec Equifax et Experian. Ces derniers enverront tous deux des lettres de confirmation contenant un numéro à appeler pour commander des copies gratuites de vos rapports de solvabilité à vérifier.

  Pour contacter l’une des agences d’évaluation du crédit, consultez la liste ci-dessous :

  Equifax: 1-800-525-6285
  PO Box 740260
  Atlanta, GA 30374

  Experian: 1-888-397-3742
  PO Box 9554
  Allen, TX 75013

  TransUnion: 1-800-680-7289
  PO Box 2000
  Chester, PA 19016

  Il suffit de contacter l’une de ces agences et de suivre l’une de ces méthodes.

  Vous ne serez pas facturé pour ce service. Veuillez noter que la mise en place d’une alerte à la fraude peut retarder votre capacité à obtenir rapidement de nouveaux crédits.

• Rapport annuel de solvabilité

• ---

• Que vous choisissiez ou non de vous inscrire au programme de protection de l’identité IDX, vous pouvez commander une copie de votre rapport de solvabilité, gratuitement, une fois par an auprès de chaque agence d’évaluation du crédit. Vous pouvez obtenir un rapport de crédit gratuit en accédant au site www.annualcreditreport.com ou en appelant le 1-877-322-8228

• Vérifiez votre rapport de solvabilité

• ---

• Lorsque vous recevez un rapport de solvabilité, vous devez l’examiner attentivement. Recherchez les comptes que vous n’avez pas ouverts. Recherchez les demandes de renseignements des créanciers que vous n’avez pas initiées. Recherchez les informations personnelles, telles que l’adresse du domicile, l’emploi ou les numéros de sécurité sociale, qui ne sont pas exactes. Si vous constatez quelque chose que vous ne comprenez pas, appelez l’agence d’évaluation du crédit au numéro de téléphone indiqué sur le rapport.

  Si votre rapport de solvabilité indique une fraude ou un vol d’identité, appelez la police ou les autorités locales et déposez une plainte pour usurpation d’identité. Demandez une copie du rapport de police. Il se peut que vous deviez remettre des copies du rapport de police à vos créanciers afin de régulariser votre dossier. Si vous pensez être victime d’un vol d’identité et que vous vous êtes inscrit au programme de protection de l’identité IDX, vous devez les contacter immédiatement. Vous pourrez parler de votre situation avec un avocat spécialisé et, si nécessaire, il ouvrira un dossier pour résoudre l’usurpation d’identité en votre nom.

• Pour plus d’informations

• ---

• Si vous souhaitez en savoir plus sur l’usurpation d’identité et les moyens de vous protéger, vous pouvez contacter la Federal Trade Commission au 1-877-438-4338. Le site Web de la FTC, www.consumer.ftc.govoffre également des informations supplémentaires sur le vol d’identité que vous pourrez trouver utiles.

• Le gel de la sécurité

• ---

• Le gel de sécurité (ou gel de crédit) est une option réservée aux personnes qui ont subi une grave usurpation d’identité. Étant donné que le gel bloque littéralement votre crédit, cette option ne convient pas aux personnes qui cherchent simplement une protection supplémentaire de leur crédit. Nous pensons que la surveillance du crédit, les alertes à la fraude et les services de rétablissement des droits des victimes sont des options plus que suffisantes pour se défendre contre le vol d’identité.

  Un gel de sécurité ne vous empêchera pas de vous inscrire à nos services. Vous pouvez tout à fait vous inscrire à nos services et vous n’avez pas besoin de désactiver le gel pour le faire. En effet, nous ne demandons pas votre numéro de sécurité sociale pour vous inscrire, mais uniquement votre nom, votre adresse, votre numéro de téléphone et votre adresse électronique. Aucun de ces éléments ne nécessiterait une enquête de crédit. Cependant, un gel de sécurité affectera votre capacité à activer la partie surveillance de votre adhésion. Pour activer la partie surveillance, vous devrez désactiver temporairement votre gel de sécurité.

  Pour en savoir plus sur les gels de sécurité et les lois pertinentes des États, contactez le bureau du procureur général de votre État ou visitez le site Web de la Federal Trade Commission pour obtenir des informations sur le gel des crédits.

  
  Notez que vous devez avoir un dossier et des antécédents de crédit confirmés pourlancer une alerte à la fraude, un gel du crédit ou utiliser le site www.annualcreditreport.com.