Note: VHA’s notice on their web site emphasizes that no diagnostic or treatment information was exposed. Given the nature of this provider, that will be a relief to many patients. Because this incident is not yet posted on HHS’s public breach tool, we do not yet have the number being notified. The following is VHA’s press release:
NORTON, Kan., Jan. 19, 2019 /PRNewswire/ — The Valley Hope Association, a drug and alcohol addiction treatment organization with 16 facilities in seven states, has notified patients about a data security breach that may have potentially exposed patient data to unauthorized access.
The event occurred in October 2018, when Valley Hope became aware of unusual activity relating to an employee’s e-mail account. After the suspicious activity was confirmed, Valley Hope started an investigation that included working with outside forensic specialists, to determine the full extent of the incident. On Nov. 23, 2018, that investigation concluded that an unauthorized user had logged into the employee’s e-mail account between Oct. 9-10, 2018, resulting in a risk of unauthorized access to the e-mail messages and file attachments stored on the e-mail account. Those messages and attachments may have potentially included sensitive personal information.
“Valley Hope takes the security of our patients’ personal information very seriously,” said Dan Lara, public affairs manager. “The breach was discovered quickly, and we immediately launched an investigation, bringing in outside experts to determine the nature and potential risk to our patient data. We conducted a thorough investigation that concluded patient data potentially was put at risk, and we begin notifying our patients directly. At this point, we have no direct knowledge that anyone’s personal data has been misused in any way. In addition, we can confirm that no patient diagnosis or treatment data was put at risk.”
While patient information present in the impacted e-mails varied by individual, the investigation determined that the affected information may have included one or more of these data points: name, address, medication/prescription information, Social Security number, financial account information, driver’s license or state identification card number, patient claim/billing information, date of birth, health insurance information, medical record number, and doctor’s name. Impacted individuals will be sent a notice detailing the specific types of their information that was affected.
In addition to notifying all patients directly by letter of this breach, Valley Hope has created a resource page at https://valleyhope.org to help answer further questions and provide guidelines for individuals to help protect themselves from identity theft and what they can do if they believe their personal information has been compromised.
“We understand that this event may cause concern for the individuals involved,” Lara said. “To help protect against the potential misuse of personal information, Valley Hope is offering 12 months of credit monitoring and identity protection services at no cost to the affected individuals. In addition, we have set up a resource page on our website with steps individuals can take to protect their identities.”
While Valley Hope has security measures in place to protect information in its care, the organization is taking additional steps to add new safeguards, and review policies and procedures to further protect the security of information in its systems.
In addition to the resource page at https://valleyhope.org, Valley Hope has set up a dedicated assistance telephone number to answer questions. The assistance line is available at (833) 228-5727, Monday through Friday, 8 a.m.-8 p.m. CST.
About Valley Hope:
A non-profit organization headquartered in Norton, Kan., Valley Hope offers residential and outpatient addiction treatment services at 16 centers in Arizona, Colorado, Kansas, Missouri, Nebraska, Oklahoma and Texas. Valley Hope’s mission is to provide proven, high quality treatment at an affordable price. Since its founding in 1967, Valley Hope has helped more than 310,000 individuals overcome addiction to lead successful and productive lives. Learn more at VallyHope.org or follow Valley Hope on Facebook, facebook.com/ValleyHopeAssociation; Twitter, @ValleyHopeAssoc; and LinkedIn, linkedin.com/company/ValleyHope. For help, call (800) 544-5101.
SOURCE Valley Hope Association