The Valley Hope Association, a drug and alcohol addiction treatment organization suffered from a data security breach that potentially exposed patient data to unauthorized access.
After the suspicious activity was confirmed, Valley Hope started an investigation that included working with outside forensic specialists to determine the full extent of the incident.
The investigation determined that the affected information included one or more of these data points: name, address, medication/prescription information, Social Security number, financial account information, driver’s license or state identification card number, patient claim/billing information, date of birth, health insurance information, medical record number, and doctor’s name.
They offered 12 months of credit monitoring and identity protection services at no cost to the affected individuals, in addition, set up a resource page on the website with steps individuals can take to protect their identities.
Source: https://www.databreaches.net/valley-hope-association-notifies-patients-after-employee-email-hack/
TPRM report: https://www.rankiteo.com/company/valleyhope
"id": "val17412223",
"linkid": "valleyhope",
"type": "Breach",
"date": "6/2017",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Drug and Alcohol Addiction Treatment',
'name': 'Valley Hope Association',
'type': 'Healthcare'}],
'customer_advisories': 'Set up a resource page on the website with steps '
'individuals can take to protect their identities',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['name',
'address',
'medication/prescription '
'information',
'Social Security number',
'financial account information',
'driver’s license or state '
'identification card number',
'patient claim/billing '
'information',
'date of birth',
'health insurance information',
'medical record number',
'doctor’s name']},
'description': 'The Valley Hope Association, a drug and alcohol addiction '
'treatment organization suffered from a data security breach '
'that potentially exposed patient data to unauthorized access.',
'impact': {'data_compromised': ['name',
'address',
'medication/prescription information',
'Social Security number',
'financial account information',
'driver’s license or state identification '
'card number',
'patient claim/billing information',
'date of birth',
'health insurance information',
'medical record number',
'doctor’s name']},
'investigation_status': 'Completed',
'post_incident_analysis': {'corrective_actions': 'Offered 12 months of credit '
'monitoring and identity '
'protection services at no '
'cost to the affected '
'individuals'},
'response': {'communication_strategy': 'Set up a resource page on the website '
'with steps individuals can take to '
'protect their identities',
'remediation_measures': 'Offered 12 months of credit monitoring '
'and identity protection services at no '
'cost to the affected individuals',
'third_party_assistance': 'Worked with outside forensic '
'specialists'},
'title': 'Data Security Breach at Valley Hope Association',
'type': 'Data Breach'}