Notice of Data Breach

The Oregon Clinic is informing its patients of a data security incident that may have involved personal information. At The Oregon Clinic, we take the privacy and security of our patients’ information very seriously, and are informing impacted patients about steps that can be taken to protect their personal information.

What Happened? On March 9, 2018, The Oregon Clinic learned that an unauthorized third party accessed an email account. We immediately disabled the unauthorized access to the account and began an investigation to determine what had occurred and whether protected health information (PHI) may have been affected. We also engaged cybersecurity experts, including a digital forensics firm, to determine the nature and extent of the incident. On April 19, 2018, the investigation determined that PHI may have been affected. We determined that the incident was restricted to the one email account and did not affect any other aspect of the Oregon Clinic network. 

What Information Was Involved? The following information may have been affected: names, dates of birth, and certain medical information. This medical information may include medical record numbers, diagnosis information, medical condition, diagnostic tests performed, prescription information, and/or health insurance information. For a small subset of patients, Social Security numbers may also have been affected.   

What Are We Doing? The Oregon Clinic took the steps referenced above in response to the data security incident. We are also providing impacted patients with additional information about steps to can take to protect their personal information. Finally, we are also offering those impacted patients credit and/or identity monitoring services for 12 months at no cost through Experian.  

What You Can Do: We are providing the follow the recommendations to assist you with taking steps to protect your personal information.  Additionally, a toll free number, (833-219-9088), has been established for impacted patients to enroll in services and obtain information about the incident. 

Steps You Can Take to Further Protect Your Information

Review Your Account Statements and Notify Law Enforcement of Suspicious Activity:  As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements and credit reports closely.  If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained.  You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission (FTC).

Copy of Credit Report:  You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting, calling toll-free 877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348.  You can print this form at You also can contact one of the following three national credit reporting agencies:

P.O. Box 1000
Chester, PA 19016

P.O. Box 9532
Allen, TX 75013


P.O. Box 140241
Atlanta, GA 30374


Free Annual Report
P.O. Box 105281
Atlanta, GA 30348

Fraud Alert:  You may want to consider placing a fraud alert on your credit report.  An initial fraud alert is free and will stay on your credit file for at least 90 days.  The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name.  To place a fraud alert on your credit report, contact any of the three credit reporting agencies identified above.  Additional information is available at

Security Freeze:  In some U.S. states, you have the right to put a security freeze on your credit file.  This will prevent new credit from being opened in your name without the use of a PIN number that is issued to you when you initiate the freeze.  A security freeze is designed to prevent potential creditors from accessing your credit report without your consent.  As a result, using a security freeze may interfere with or delay your ability to obtain credit.  You must separately place a security freeze on your credit file with each credit reporting agency.  If you request a security freeze from a consumer reporting agency there may be a fee up to $10 to place, lift or remove the security freeze.  In order to place a security freeze, you may be required to provide the consumer reporting agency with information that identifies you including your full name, Social Security number, date of birth, current and previous addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement or insurance statement. 

Additional Free Resources:  You can obtain information from the consumer reporting agencies, the FTC or from your respective state Attorney General about steps you can take toward preventing identity theft.  You may report suspected identity theft to local law enforcement, including to the FTC or to the Attorney General in your state.  Residents of Maryland, North Carolina, and Rhode Island can obtain more information from their Attorneys General using the contact information below.

Federal Trade Commission
600 Pennsylvania Ave, NW
Washington, DC  20580, and

Maryland Attorney General
200 St. Paul Place
Baltimore, MD 21202

North Carolina Attorney General
9001 Mail Service Center
Raleigh, NC 27699

Rhode Island
Attorney General
150 South Main Street
Providence, RI 02903


You also have certain rights under the Fair Credit Reporting Act (FCRA), including the right to know what is in your file, to dispute incomplete or inaccurate information, and to have consumer reporting agencies correct or delete inaccurate, incomplete, or unverifiable information.  For more information about the FCRA, and your rights pursuant to the FCRA, please visit