Data Breach Notice

Vincent Vein Center Grand Junction, P.C. (“VVC”) uses an electronic health record and
practice management tool called PrognoCIS that is owned and operated by a third-party
vendor, Bizmatics. Bizmatics recently provided VVC the attached letter indicating that
a malicious hacker attacked Bizmatics’ data servers, which resulted in unauthorized
access to Bizmatics customers’ records – ours included.

The PrognoCIS tool stores and organizes patient files, so the information that was
potentially compromised is the medical record we maintain on you as a patient, such as
health visit and treatment information, name, address, health insurance information,
other identifying information, and, in some cases, a social security number. No credit
card or financial information is stored in your patient file. Furthermore, as you will note
in the letter from Bizmatics, Bizmatics has informed us that it has “no evidence that any
of [VVC’s] records were in fact accessed or acquired by unauthorized persons, posted
online, or otherwise shared in a public manner”.

VVC takes this issue seriously and has been in contact with Bizmatics regarding its
investigation and assessment of the situation. Bizmatics informed VVC that it has
consulted with law enforcement and has hired an independent cyber forensics firm to
investigate and assure the intrusion is contained and the affected systems are better
secured.

As noted in Bizmatics’ letter, we have no reason to believe that our patient files were
the target of the hackers’ attack on Bizmatics. VVC is examining Bizmatics’ practices
and determining whether a continued relationship with Bizmatics is appropriate. VVC
will make every attempt to prevent further breaches.

We want to assure that your questions about this incident are answered so we have
established a toll free number you can call to address your concerns. That number is
1-855-465-8882. You can also write us at 601 Center Ave, Grand Junction, CO 81501
or Info@VincentVein.com.

Despite there being no evidence that your records were accessed or that identity theft
has occurred as a result of the incident, we have included the information enclosed as a
resource for you. We sincerely regret that this incident has occurred and thank you for
your understanding.