On April 19, 2024, Valley Mountain Regional Center (VMRC) released a notice regarding a significant data security breach. This incident affects the personal and protected health information of certain current and former patients.
The breach was discovered on August 1, 2023, when VMRC identified unusual activity within its network environment. "Upon discovering this activity, VMRC immediately took steps to secure our network and launched an investigation with the assistance of independent cybersecurity experts," said VMRC in their announcement.
"Upon discovering this activity, VMRC immediately took steps to secure our network and launched an investigation with the assistance of independent cybersecurity experts,"
An investigation uncovered that unauthorized access to certain personal information had taken place around July 29, 2023. To fully understand the breach and its implications, VMRC engaged a third-party vendor for a detailed review of the affected data. This analysis concluded on February 20, 2024, confirming that sensitive personal information was involved.
By the Numbers
The data potentially compromised includes a variety of personal identifiers such as names, Social Security numbers, taxpayer identification numbers, dates of birth, and health-related details. "Please note that not all data elements were affected for all individuals," VMRC clarified, emphasizing the varying nature of the exposure.
"Please note that not all data elements were affected for all individuals,"
In response to the breach, VMRC has taken swift action. They have notified the Federal Bureau of Investigation (FBI) and are prepared to assist in holding those responsible accountable. Additionally, they have informed the U.S. Health and Human Services Office for Civil Rights, along with consumer reporting agencies, about the incident.
At this point, VMRC has not found any evidence indicating that the compromised information has been misused. Nevertheless, on April 19, 2024, the center mailed notifications to potentially affected individuals, detailing the nature of the incident and providing information on protective resources. These resources include the option to enroll in complimentary identity protection services offered through Cyberscout.
To facilitate communication, VMRC has established a toll-free call center, operational Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Time, excluding major U.S. holidays. "Our call center is here to answer questions about the incident and address related concerns," stated VMRC. The number for this hotline is 1-833-538-8494.
"Our call center is here to answer questions about the incident and address related concerns,"
For those who did not receive a notification letter, VMRC encourages verification of eligibility through the call center before enrolling in any available services. In light of this incident, VMRC urges all affected individuals to take proactive steps to protect their information.
Among the recommendations provided, VMRC emphasized the importance of promptly notifying financial institutions regarding any suspicious activity. "If you detect suspicious activity on any of your accounts, you should promptly notify the financial institution or company with which the account is maintained," said the center, reinforcing the need for vigilance.
"If you detect suspicious activity on any of your accounts, you should promptly notify the financial institution or company with which the account is maintained,"
Additionally, individuals are encouraged to monitor their credit reports. They can obtain a free copy from each of the three major credit reporting agencies at annualcreditreport.com. The organization also reminded individuals to report any unauthorized transactions or suspected incidents of identity theft to relevant authorities.
VMRC expressed deep concern over the distress this situation may cause to affected individuals. "The privacy and protection of personal and protected health information is our top priority, and VMRC deeply regrets any inconvenience or concern this incident may cause," the center concluded.
"The privacy and protection of personal and protected health information is our top priority, and VMRC deeply regrets any inconvenience or concern this incident may cause,"
Looking Ahead
As the situation develops, VMRC is implementing additional measures to bolster security and prevent future breaches, demonstrating their commitment to safeguarding patient information and addressing the aftermath of this incident. It remains imperative for individuals to stay informed and proactive in managing their personal data security.
