Fred Finch Youth Center (FFYC) is in the process of notifying 6,871 current and former clients and program participants of a potential breach of Protected Health Information (PHI), after discovering a break-in had occurred at one of FFYC’s San Diego County locations on the weekend of April 4th, 2015.
When discovered on Monday, April 6, police determined that burglars likely forced entry through a locked window, then also broke into a secured Server Room to steal several pieces of computer equipment, some of which contained client PHI. After the discovery, FFYC staff and Police officials investigated the incident to develop an initial determination of the scope of the theft. Staff then notified San Diego County and other regulatory authorities later that same day, and then followed up with updated reports through the next week.
Data contained on the stolen computer equipment included full names, Social Security numbers, dates of birth, treatment information and, in some cases, Medi-Cal account numbers.
No printed PHI and no credit card information were involved in this incident, and actual access to client information has not been confirmed. Additionally, while the data can be erased, and the equipment reused or resold, the security features installed help protect it from unauthorized access, preventing the thief from obtaining client information. However, despite these technical protections (including complex passwords and advanced electronic storage processes), there is a chance that a person with sufficient technical skill could defeat the security measures.
“Everyone at Fred Finch takes client confidentiality very seriously, and we work every day to protect it for those we serve,” said FFYC’s President and CEO Tom Alexander. “While we believe the primary motivation for this event was likely the resale value of the computer equipment, rather than the information it contained, we are working with a team of experts to continue to investigate. If we determine that additional security measures could have prevented this loss, we will take immediate action to implement them to minimize future risk.”
Although FFYC believes the risk of information misuse is low, it is sharing this information through letters to affected individuals, via press release to regional media, and through postings on its website to support current and former clients to take precautions to help protect their personal information. The Agency has also engaged the risk mitigation and response firm Kroll to provide identity theft protection services, including credit monitoring, at no cost to affected individuals. Additional details are below.
“We will do all we can to work with our clients whose personal information may have been compromised and to help them work through credit and identify restoration processes, should that be necessary,” said Alexander. “We regret that this incident has occurred, and are committed to taking the actions necessary to minimize the chance of recurrence.”
To that end, FFYC requires that all staff comply with strict procedures to safeguard client information (including annual privacy training and compliance with a set of interrelated confidentiality policies and protocols). The Agency is also training the identity protection professionals at Kroll to be prepared for clients to call with questions related to this potential data breach. Clients may call 855-366-0137 6 a.m. to 3 p.m. (Pacific Time), Mon through Fri. In addition, clients may visit Fred Finch Youth Center’s Web site at www.fredfinch.org, where further information will be posted when available.
FFYC recommends that affected individuals take several steps to protect themselves from potential harm, including:
- Enroll in the identity protection services FFYC is offering to help clients detect the possible misuse of information. Specifically, FFYC is providing a complimentary one year membership with Kroll to monitor clients’ identity, and to notify them of key changes detected. Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data. The Identity theft protection services include idIntegrity Scan for minors, Credit Monitoring for adults, and Identity Theft Consultation and Restoration for both. In order to activate services, clients must use the website address noted in the benefit guide they receive and provide the membership number included in their notification letter. To receive credit monitoring, clients must be over the age of 18 and have established credit in the U.S., have a Social Security number in their name, and have a U.S. residential address associated with their credit file. To receive the complimentary service, clients must enroll by September 5, 2015. Those who did not receive a letter or guide may call Kroll at 855-366-0137 to determine if they were involved in this breach and are eligible for services. This information will also be available on FFYC’s website (www.fredfinch.org).
Should individuals wish to check their credit on their own, or in addition to this service, they may do so annually at no cost by calling 1-877-322-8228 or going to the Annual Credit Report website at www.annualcreditreport.com;
- Monitor mail for medical bills that clients do not recognize, and report suspicious and unrecognized bills to the credit reporting agency listed above;
- Notify medical insurance providers (e.g. Medi-Cal), social security (if applicable), and bank (if applicable) of the breach;
- Ask for new bank cards (if applicable), new passwords for account(s), and other tools that the institution can provide to secure personal information; and
- Use of caution if clients receive phone calls or letters asking for authorization for credit or other information, and exercise great care to not give any information over the phone to unknown persons.
Current and previous clients and/or their guardians are invited to contact FFYC with questions by:
SOURCE Fred Finch Youth Center