R&B Corporation of Virginia d/b/a Credit Control Corporation (“CCC”) provides debt collection services for various health care organizations including Riverside Health System. On May 7th, Riverside was alerted that CCC, was the victim of a cyber event, which resulted in the compromise of certain files from CCC’s network that contained protected health information (PHI) for individuals from multiple organizations, including Riverside. Riverside understands the importance of protecting the personal information of our patients. At this time, we are working with CCC to fully understand the impact to our organization. CCC is notifying individuals on behalf of the organizations whose data was contained in the files and providing individuals with complimentary credit monitoring and identity protection services.
Frequently Asked Questions
What happened?
On March 7, 2023, CCC became aware of unusual activity involving certain systems within their network. CCC promptly isolated the systems, and, with the assistance of third-party forensic specialists, commenced a comprehensive investigation into the nature and scope of the activity. On or about March 14, 2023, the investigation determined that certain files were copied from CCC’s network as part of a cyber incident between March 2, 2023 and March 7, 2023. CCC undertook a thorough review of the files in order to identify what specific information was present in the files and to whom it related. On May 4, 2023, CCC began notifying its business partners and worked with them to notify individuals whose information was contained in the files.
What information was involved?
Although the review is ongoing, on or about May 3, 2023 the investigation determined that, at the time of the incident, the relevant files contained information including name, address, social security numbers, account number, account balance, and date of service relating to the individual’s account(s). The information varies by individual.
What CCC is doing
Both Riverside and CCC take this event and the security of information in our care seriously. As part of our ongoing commitment to the security of information, we have a process in place to ensure regular and timely review and where necessary the updating of our existing policies and procedures related to data protection and security. We have also implemented additional security measures as appropriate to further secure the information in our systems and we are increasing the frequency of our team member training on topics including the importance of safeguarding data.
What you can do
We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and monitoring your free credit reports for suspicious activity. You may also review the information contained in the attached Steps You Can Take to Protect Personal Information section of this letter. Further, you may enroll in the complimentary credit monitoring and identity protection services CCC is offering to you for 1 or 2 years through Kroll. (2 years for CT, DC, and MA (per data breach notice statute) and 1 year in the remaining jurisdictions). Please contact CCC for more information on how to enroll in free credit monitoring.
For More Information
If you have additional questions, please contact CCC’s dedicated assistance line at 866-347-3197, Monday through Friday from 9:00 am to 6:30 pm EST (excluding U.S. holidays). You may also write to Credit Control Corporation, attention: Privacy Dept., 11821 Rock Landing Drive, Newport News, VA 23606 or visit our website at www.creditcontrol.net.