Notice of Cybersecurity Incident
SI DESEA RECIBIR ESTE AVISO EN ESPAÑOL, HAGA CLIC AQUI. GRACIAS
We are committed to providing you with information about an incident that may have exposed certain protected health information and personal information related to the work we do with some of our customers. We take the security of our customers and their patients’ information seriously and want to provide all impacted individuals with information and resources they can use to protect their information.
What Happened
On or around October 12, 2023, we detected and stopped a sophisticated ransomware attack, in which an unauthorized third party accessed some of CompleteCare Health Network’s computer systems. We immediately disconnected the affected systems, initiated our response protocols, and engaged third-party forensic specialists to assist us with securing the network environment, and investigating the extent of any unauthorized activity, including whether any patient information was accessed.
Our investigation determined that the unauthorized third party may have exfiltrated your personal data during this incident. Please know that we have taken steps to ensure your data will not be further published or distributed. We have also notified and are working with federal law enforcement to investigate.
What Information Was Involved
The impacted data varied by individual, but it may have contained personal information, including names, phone numbers, addresses, and some sensitive personal information and/or personal health information. Beginning on December 15th, CompleteCare mailed letters to affected individuals, and while, to date, CompleteCare is unaware of any misuse of the involved information, as a precaution, they are offering complimentary credit monitoring and identity theft protection services to individuals whose Personal Identifiable Information (PII) may have been impacted. Each notification letter sent to impacted individuals will include a list of specific data elements that were impacted as well as resources that they may use to protect themselves.
If you received a letter, your information was determined to be involved in this incident. We recommend you take advantage of the resources we are offering. If you do not receive a notification letter in the coming days, that means that we have not identified you as being someone whose sensitive data was impacted by this incident.
What We Are Doing
Data security is one of our highest priorities. Upon discovering the incident, we immediately took the affected systems offline and began the process of securing and confirming the fortification of our systems. We engaged third-party forensic specialists to confirm the security of our network and investigate the extent of the incident. We also notified federal law enforcement.
We have taken steps to further secure our network and mitigate the risk of a similar incident occurring in the future, including revising our policies and procedures and network security software, and revising how we store and manage data. Additionally, our network environment has been under 24/7 monitoring by cybersecurity experts to mitigate the chance of a future incident, and we have engaged leading cybersecurity firms to assist with monitoring our network for the long term.
In addition, we are providing affected individuals with access to Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score services at no charge.
What You Can Do
Again, to help relieve concerns and restore confidence following this incident, we have secured the services of Cyberscout through Identity Force, a TransUnion company, to provide identity monitoring at no cost to impacted individuals for 12 months. TransUnion is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data.
We recommend impacted individuals to take advantage of the resources we are offering. For all individuals, however, it is always a good idea to remain vigilant by regularly monitoring your account statements and credit history for any signs of unauthorized transactions or activity.
For More Information
Representatives are available for 90 days from the date of this posting, to assist you with questions regarding this incident, between the hours of 8:00 a.m. to 8:00 p.m. Eastern Time, Monday through Friday, excluding holidays. Please call the helpline at 856-451-4700, select option 7 with any questions you may have.
On behalf of CompleteCare Health Network, please accept our sincere apology for any inconvenience this incident may have caused you. We value the security of the protected health information and personal information that we maintain, and understand the frustration, concern, and inconvenience that this incident may have caused. We are taking steps intended to prevent an incident like this from reoccurring.