Data breach at Valley Hope Association centers affects 70,000 patients
- The breach affected 16 facilities across Kansas, Missouri, Nebraska, Arizona, Oklahoma, Texas, and Colorado.
- The information compromised in the breach includes patients’ names, addresses, medication/prescription information, Social Security numbers and more.
A data breach at Valley Hope Association addiction treatment centers has resulted in the compromise of personal data of 70,000 patients. The breach affected 16 facilities across Kansas, Missouri, Nebraska, Arizona, Oklahoma, Texas, and Colorado.
According to the breach notification, Valley Hope noticed unusual activity on one of its employees’ email account on October 10, 2018. It immediately commenced an investigation to understand the scope of the incident.
On November 23, 2018, it was found that an intruder had gained unauthorized access to the employee’s email account between October 9-10, 2018. After a thorough investigation, the forensic investigators confirmed that affected email contained attachments related to patients’ personal information.
What information was compromised?
The information compromised in the breach includes patients’ names, addresses, medication/prescription information, Social Security numbers, financial account information, driver’s license or state identification card numbers, patient claim/billing information, dates of birth, health insurance information, medical record numbers, and doctor’s names.
The affected facilities have notified about the breach to the Department of Health and Human Services’ Office for Civil Rights, state regulators and the three major credit reporting agencies.
In addition to that, it has also started informing the potential affected victims. It has created some guidelines to help its patients to protect themselves from identity theft.
“Valley Hope has created this resource page to help answer further questions and provide guidelines for individuals to help protect themselves from identity theft and what they can do if they believe their personal information has been compromised,” the security notice said.
Valley Hope is also offering 12 months of free identity monitoring services to its affected customers.