Notice of Data Security Incident
Mat-Su Surgical Associates, APC (“MSA”) recently suffered a ransomware attack that may have impacted
the protected health information (“PHI”) of some of the current or former patients of Valley Surgical
Associates and MSA. MSA takes the security of all patient information seriously, and immediately began
an investigation to determine what occurred, and whether any information was at risk.
On March 16, 2020, MSA discovered that some of its files were encrypted, and they were unable to access
their system. MSA hired independent computer forensic experts to investigation, who determined that an
unauthorized individual may have gained access to files stored on our system that contained some of our
patients’ PHI. Unfortunately, the investigators were unable to identify all files that may have been viewed
by the unauthorized individual.
What information was involved?
From our investigation, it appears that impacted information may have included contained patient names,
addresses, Social Security numbers, diagnosis and treatment information, test results, health insurance
information, and other information related to patient medical care.
What is Mat Su Surgical Associates doing?
MSA sent letters to all MSA and VSA patients and appropriate regulatory agencies. Additionally, impacted
individuals can obtain, at no cost, credit monitoring and identity theft protection through ID Experts. MSA
has also taken steps to minimize the risk of this kind of event from happening in the future, including
resetting all passwords and putting additional controls in place for any type of remote access to our systems.
We are also reviewing our policies and procedures to ensure that the appropriate controls are in place to
“Our patients’ trust is essential to Mat-Su Surgical Associates, and we regret any concern or inconvenience
this has caused,” said Garth LeCheminant, M.D., owner of MSA. “The privacy and protection of our
patient’s information is a matter we take seriously, and we have taken steps to help prevent this type of
incident from occurring in the future.”
For more information: To determine whether you were affected or for more information about this
incident, please call (833) 579-1096. Individuals can also contact the Federal Trade Commission at 600
Pennsylvania Avenue NW, Washington, D.C. 20580, 1-877-ID-THEFT (1-877-438-4338); TTY: 1-866-
653-4261 or visit www.ftc.gov/idtheft/ for more information on protecting their identity.
Notice of Data Security Incident in pdf format.