Data Security Notice

NOTICE OF DATA BREACH

This notice is from Veradigm LLC (“Veradigm”) about a data security incident. Veradigm is a health information technology company that provides software solutions to healthcare providers and practices, including potentially to your healthcare practice. If you were redirected from your healthcare practice’s website to this notice and were a patient at that practice on or before December 15, 2024, your personal data may have been affected by this incident.

Your healthcare practice has authorized Veradigm to send notification letters to individuals who may have been impacted. However, because neither Veradigm nor your practice has current mailing addresses for all potentially affected individuals, your healthcare practice is posting this substitute notice on this website, as permitted under the Health Insurance Portability and Accountability Act (HIPAA).

What Happened? On July 1, 2025, Veradigm discovered that data belonging to some of its customers had been accessed by an unauthorized party. Veradigm promptly began an investigation with the assistance of top cybersecurity experts and worked to mitigate any impact from this access. We also notified law enforcement.

Veradigm learned that, following a data security incident targeting one of its other customers (not your healthcare practice), the unauthorized party used a credential obtained from that customer to access a Veradigm storage account. Using this credential, the attacker accessed the data stored in that account, which potentially included some of your information. Although the incident occurred around December 15, 2024, Veradigm only became aware of it recently through a third party investigating the original data security incident involving the impacted customer. Veradigm has confirmed that only this one storage account was affected by this incident. No other Veradigm systems or environments were affected, and your healthcare practice’s system was not affected.

At this time, Veradigm has no evidence that your information has been misused.

What Information Was Involved? The specific information impacted varies by individual but may include your name, contact details, date of birth, health records data (such as diagnoses, medications, test results, and treatments), health insurance information, payment details, and limited identifiers like your Social Security number or driver’s license number.

What Veradigm is Doing. Veradigm takes privacy and security very seriously. It brought in cybersecurity experts to conduct a thorough review of the impacted storage account and allocated significant resources to help ensure that the solutions Veradigm provides to its customers are secure. Additionally, Veradigm has implemented new technical safeguards and other measures to further reduce the likelihood of a similar event in the future.

To help protect potentially impacted patients, Veradigm is offering credit monitoring and identity protection services through a third-party vendor, Experian. If you are an impacted patient, did not receive a notice letter by mail or email, and wish to sign up for credit monitoring, you may do so by contacting Experian at 833-918-7200. Callers will be asked for an engagement number, which is B150152.

Individuals may have additional rights available to them depending on the state they live in and should refer to the Attachments below for additional information.

What You Can Do. Veradigm encourages you to enroll in the free credit monitoring service. Veradigm also recommends that you regularly check your bank account and credit card statements and review your credit report. If you notice any suspicious activity, you should immediately contact your financial institution and/or credit card company or relevant credit agency.

For More Information. Veradigm sincerely regrets any inconvenience or concern this may cause. If you have any questions or concerns about this incident, please call 833-918-7200 toll-free Monday through Friday from 8 am to 8 pm Central Time (excluding major U.S. holidays). Callers will be asked to provide the engagement number above.

Attachment A: Additional Information on Protecting Your Information

Monitor Your Accounts
You may obtain a free copy of your credit report online at www.annualcreditreport.com, by calling toll-free 1-877-322-8228, or by mailing an Annual Credit Report Request Form (available at www.annualcreditreport.com) to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281. You may also purchase a copy of your credit report by contacting one or more of the three national credit reporting agencies listed below.

When you receive your credit reports, review them carefully. Look for accounts or creditor inquiries that you did not initiate or do not recognize. Look for information, such as home address and Social Security number, that is not accurate. If you see anything you do not understand, call the credit reporting agency at the telephone number on the report.

Credit Freeze

You have the right to put a security freeze, also known as a credit freeze, on your credit file, so that no new credit can be opened in your name without the use of a Personal Identification Number (PIN) that is issued to you when you initiate a freeze. A credit freeze is designed to prevent potential creditors from accessing your credit report without your consent. If you place a credit freeze, potential creditors and other third parties will not be able to access your credit report unless you temporarily lift the freeze. Therefore, using a credit freeze may delay your ability to obtain credit. Pursuant to federal law, you cannot be charged to place or lift a credit freeze on your credit report. Should you wish to place a credit freeze, please contact all three major consumer reporting agencies identified above.

You must separately place a credit freeze on your credit file at each credit reporting agency. The following information should be included when requesting a credit freeze: Full name, with middle initial and any suffixes; Social Security number; date of birth (month, day, and year); current address and previous addresses for the past five (5) years; proof of current address, such as a current utility bill or telephone bill; and other personal information as required by the applicable credit reporting agency. If you request a credit freeze online or by phone, the credit reporting agencies have one (1) business day after receiving your request to place a credit freeze on your credit file. If you request a lift of the credit freeze online or by phone, the credit reporting agency must lift the freeze within one (1) hour. If you request a credit freeze or lift of a credit freeze by mail, the credit reporting agency must place or lift the credit freeze no later than three (3) business days after getting your request.

Fraud Alerts

You also have the right to place an initial or extended fraud alert on your credit file at no cost. An initial fraud alert lasts one (1 ) year. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which lasts seven (7) years. Should you wish to place a fraud alert, please contact any one of the major consumer reporting agencies listed above. The agency you contact will then contact the other two credit agencies.

Attachment B: Additional State Specific Information

You can further educate yourself regarding identity theft and the steps you can take to protect yourself, by contacting your state Attorney General or the Federal Trade Commission. Instances of known or suspected identity theft should be reported to law enforcement, your Attorney General, and the FTC. The Federal Trade Commission: 600 Pennsylvania Avenue, NW Washington, DC 20580. 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-653-4261; and www.ftc.gov/idtheft.