Pinnacle Clinical Research (“Pinnacle”) is a medical clinical research organization specializing in Hepatological and Gastroenterological sciences, that receives certain personal and health information of individuals while performing certain liver scans and research trials. Pinnacle is providing notice of a recent incident that may have affected the security of certain individual’s private health information and/or personal information that received services from Pinnacle.
In April of this year, Pinnacle identified suspicious activity in relation to a Pinnacle email account. Upon discovery, Pinnacle immediately secured the impacted email account and launched an investigation with the help of independent IT security and forensic investigators to determine the scope and extent of potential unauthorized access to the system and any sensitive information. On or about May 8, 2020, the investigation confirmed that there was limited unauthorized access to a single Pinnacle email account. Pinnacle then analyzed all of the information in the impacted email account in order to assess what data might have been viewed or accessed. On or about June 8, 2020, it was determined that the compromised email accounts contained protected health information and/or personally identifiable information about certain individuals doing business with Pinnacle.
What Information Was Involved?
The information that was subject to unauthorized access was different in individual cases, however, in general the data may have contained names, mailing addresses, telephone numbers, medical history, treatment information, and, in some instances, date of birth, Social Security number, driver’s license number, state ID number, taxpayer ID number, passport number, credit card/financial account number, associated PIN or password, email address, and/or health insurance individual policy number.
What Are We Doing?
We take the security of information that our clients and business partners entrust in us very seriously. Upon discovery of this incident, Pinnacle immediately secured the email account by resetting the password and also took steps to prevent further unauthorized access. We hired a qualified independent IT forensic investigator to conduct an exhaustive investigation of this matter. The problem has been remediated and our email and IT systems are operating securely. As part of our ongoing commitment to the security of sensitive information in our care, we are working to implement additional safeguards and security measures to enhance the privacy and security of information in our systems. In addition to providing affected individual’s notice, we are providing notice to the U.S. Department of Health and Human Services, relevant media outlets, and state regulators if required.
Pinnacle has secured the services of Kroll to provide identity theft protection and credit monitoring services at no cost to affected individuals for one year. We encourage all affected individuals to remain vigilant and to regularly review and monitor relevant account statements and credit reports and report suspected incidents of identity theft to local law enforcement, your state’s Attorney General, or the Federal Trade Commission (the “FTC”).
For More Information:
On behalf of Pinnacle, we are genuinely sorry this incident occurred and apologize for the inconvenience this matter may cause you. We can assure you that we are doing everything we can to protect you and your information, now and in the future. If you have questions about this notice or this incident, or require further assistance, you can reach us at (516) 938-1828 between the hours of 9:00 a.m. and 5:00 p.m. (EST).
Gail Hinkson, Clinical Research Director / CEO