DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

WV: Elkins Rehabilitation & Care Center notifies residents and employees of breach first discovered in February 2019

Posted on July 31, 2020 by Dissent

I know some people may think I’m being too harsh, but really — almost 1.5 years from detection to notifications to people of a breach? Their response in terms of preventing more incidents seems reasonable, but the gap to figure out that notification was needed and then whom to notify seems too long.  What will HHS    or the state attorney general of West Virginia do, if anything? Here is the ERCC’s press release/notice:

ELKINS — Elkins Rehabilitation & Care Center has become aware of a data security incident that may have resulted in unauthorized access to some resident and employee information.

At this time, there is no evidence of any attempted or actual misuse of any personal information. However, ERCC is notifying, via first-class mail, any resident and employee whose information may have been accessed in order to provide details of the incident, ERCC’s response to the incident, and provide resources to help protect any residents and employees in the event they were affected.

Continuing to maintain your trust is a top priority at ERCC, and ERCC sincerely apologizes for any inconvenience or concern this incident may cause.

In February of 2019, ERCC found evidence to suggest that a limited number of ERCC’s employee email accounts may have been inappropriately accessed. Upon discovery of this evidence, ERCC immediately notified its information technology team, who undertook an investigation and found evidence to suggest that malware infected several systems within ERCC’s computer network between Feb. 4, 2019, and Feb. 7, 2019.

ERCC’s information technology team quickly moved to clean the infection, reset all users’ passwords, and identify the malware variant. Once ERCC determined that the variant of malware had the ability to extract emails, ERCC proceeded to engage an e-discovery expert to review the contents of the affected email accounts.

On July 1, 2020, after a thorough and full search of the compromised accounts was completed, ERCC discovered that the affected email accounts may have contained information about some of its current and former residents and employees, including first and last names in combination with one or more of the following attributes: limited protected health information, Social Security numbers, and/or driver’s license numbers.

Once again, ERCC has no evidence of attempted or actual misuse of anyone’s information as a consequence of this incident. Nonetheless, ERCC is informing its residents and employees of this incident out of an abundance of caution.

In light of this incident, ERCC is offering complimentary identity theft restoration and credit monitoring services through Kroll to help protect any impacted current and/or former residents and employees for a certain period of time. ERCC encourages residents and employees who think their information may be at risk to call (844) 929-2285 Monday through Friday, 9 a.m. to 6:30 p.m., EDT.

ERCC takes the security of all information in its control seriously, and is taking steps to help prevent a similar event from occurring in the future. This includes but is not limited to (1) replacing the affected hard drives, (2) installing and updating anti-virus and anti-malware software on all ERCC computers, (3) providing ERCC staff with ongoing security awareness training, and (4) notifying government regulators where appropriate.

Once again, ERCC sincerely regrets any inconvenience or concern that this matter may cause and remains dedicated to ensuring the privacy and security of all information in its control.

Category: HackHealth DataMalwareU.S.

Post navigation

← IBM Security 2020 Cost of Data Breach Report Shows 10% Annual Increase in Healthcare Data Breach Costs
NZ: Kiwibank breach ‘significant’ – Privacy Commissioner →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.