Email hack suspected in Valley Hope Association data breach
Valley Hope Association, comprising 16 addiction treatment facilities in seven Midwest states, suffered a breach of data after an employee’s email account was hacked.
Valley Hope Association, comprising 16 addiction treatment facilities in seven Midwest states, suffered a breach of data after an employee’s email account was hacked.
The organization hired forensic specialists to determine the nature and scope of the incident, and on November 23, research confirmed that a data breach occurred on either October 9 or 10, after an intruder logged into the email account.
“Since that time, we have been working diligently to identify contact information for affected individuals and provide them notice,” the association told affected patients in a notification letter.
Also See: Microsoft, Google use artificial intelligence to fight hackers
At least 12 types of protected health information, including Social Security numbers, may have been compromised, although no diagnosis or treatment information was exposed. To date, Valley Hope is not aware of attempted or actual use of data.
Now, the organization is notifying the Department of Health and Human Services’ Office for Civil Rights, state regulators and the three major credit reporting agencies, and has created a resource page to answer patient questions and give guidelines on protecting against identity theft.
Valley Hope Association also is offering affected individuals one year of identity monitoring from Kroll with a portfolio of services such as credit monitoring.
“Valley Hope takes the privacy and security of the personal information in our care very seriously, and we sincerely regret any inconvenience or concern this incident may cause you,” the organization told patients.
The notification letter did not specify how many individuals were affected. That information, however, soon should be posted on the HHS web site of data breaches.
The organization hired forensic specialists to determine the nature and scope of the incident, and on November 23, research confirmed that a data breach occurred on either October 9 or 10, after an intruder logged into the email account.
“Since that time, we have been working diligently to identify contact information for affected individuals and provide them notice,” the association told affected patients in a notification letter.
Also See: Microsoft, Google use artificial intelligence to fight hackers
At least 12 types of protected health information, including Social Security numbers, may have been compromised, although no diagnosis or treatment information was exposed. To date, Valley Hope is not aware of attempted or actual use of data.
Now, the organization is notifying the Department of Health and Human Services’ Office for Civil Rights, state regulators and the three major credit reporting agencies, and has created a resource page to answer patient questions and give guidelines on protecting against identity theft.Valley Hope Association also is offering affected individuals one year of identity monitoring from Kroll with a portfolio of services such as credit monitoring.
“Valley Hope takes the privacy and security of the personal information in our care very seriously, and we sincerely regret any inconvenience or concern this incident may cause you,” the organization told patients.
The notification letter did not specify how many individuals were affected. That information, however, soon should be posted on the HHS web site of data breaches.
More for you
Loading data for hdm_tax_topic #care-team-experience...