NOTICE OF EMAIL SECURITY INCIDENT

STANDARD PRESS RELEASE

Contact Information
Hawaii Independent Physicians Association
(855) 731-3293
administration@hawaiiipa.com

Release Date:
June 24, 2021

NOTICE OF EMAIL SECURITY INCIDENT

Honolulu, Hawaii, June 2021 – Hawaii Independent Physicians Association (“HIPA”) on behalf of the physicians listed below has provided public notice (this “Notice”) of a potential email security incident involving patient protected health information (“PHI”). On February 4, 2021, HIPA became aware that the email account of one of its subcontractors was compromised by an unknown third-party attacker. Specifically, the unknown third-party accessed the email account and retrieved personal information of the email account holder. It is unclear, however, whether the attacker accessed other information contained in the email account. Immediately upon discovery, HIPA shut down all access to the subject email account, required all HIPA users to change their access credentials (username/passwords) to all email accounts and other system logins and immediately engaged with a cybersecurity firm to investigate the incident. The physicians listed below were not responsible in any way for the security incident, but HIPA is working closely with them to ensure that all patients are informed about the compromised email account. HIPA takes seriously our responsibility to protect the confidentiality of the personal information of all patients of the above listed physicians.

Data related to past and current patients of the HIPA Physicians listed below were potentially affected. While HIPA has no evidence showing that any patient data were compromised, the cybersecurity firm contracted by HIPA was not able to definitively conclude whether any data were actually viewed or removed from the subject email account. Accordingly, there is a possibility patients’ full name, date of birth, home address, and general health condition may have been affected. The email account DID NOT contain any patient social security numbers or financial information. HIPA does not store financial information such as social security numbers or bank account or credit card numbers. Thus, financial information was NOT compromised.

As described in this notice, HIPA took immediate action to address the email compromise. The cybersecurity firm completed its investigation and confirmed there was no further infiltration or unauthorized access to the subject email account, other HIPA email accounts or to HIPA equipment, systems and servers. The cybersecurity firm made certain recommendations to strengthen HIPAʻs protections to help avoid any future incidents, which HIPA has already begun to implement. We do not expect that patients of the HIPA Physicians listed below will experience any harm from this incident, and there is no action patients need to take at this time other than remaining vigilant and monitoring your credit reports and financial accounts.

HIPA provides services to and on behalf of the following physicians:

Dr. Frank Baum
Dr. Baybayan
Dr. Steven Brauer
Dr. Baron Ching
Dr. Steve Clark
Dr. Stephen Daly
Dr. Michael Dung
Dr. David Fitzpatrick
Dr. Jennifer Frank
Dr. Benjamin Gamboa
Dr. Benjamin Gozun
Dr. Sharon Hiu
Dr. Aaron Hoo
Dr. Maria Ilar-Revilla
Dr. Gary Inamine
Dr. Nikki Inamine
Dr. Tad Iwanuma
Dr. Samuel Johnsen
Dr. Kenneth Kepler
Dr. Robert Koch
Dr. Yefim Levy
Dr. Jeffrey Lin
Dr. Traci Masaki-Tesoro
Dr. Robert Mastroianni
Dr. Richard Min
Dr. Marc Miyasaki
Dr. Ashlee Nekoba
Dr. Howard Neudorf
Dr. Susan Nishida
Dr. Justin Ody
Dr. James Okamoto
Dr. Landon Opunui
Dr. Patrick Pan
Dr. Graeme Reed
Dr. Julie Rizzolo
Dr. David Saito
Dr. Sarah See
Dr. Curtis Takemoto-Gentile
Dr. Krishanna Takemoto-Gentile
Dr. Nadine Tenn Salle
Dr. Noel Termulo
Dr. Linda Tetor
Dr. Coralie Texeira
Dr. Russell Tom
Dr. Brent Uyeno
Dr. Wesley Wong
Dr. Thelma Yamada
Dr. Gayland Yee
Dr. Ira Zunin

START TYPING AND PRESS ENTER TO SEARCH