DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

WV: Elkins Rehabilitation & Care Center notifies residents and employees of breach first discovered in February 2019

Posted on July 31, 2020 by Dissent

I know some people may think I’m being too harsh, but really — almost 1.5 years from detection to notifications to people of a breach? Their response in terms of preventing more incidents seems reasonable, but the gap to figure out that notification was needed and then whom to notify seems too long.  What will HHS    or the state attorney general of West Virginia do, if anything? Here is the ERCC’s press release/notice:

ELKINS — Elkins Rehabilitation & Care Center has become aware of a data security incident that may have resulted in unauthorized access to some resident and employee information.

At this time, there is no evidence of any attempted or actual misuse of any personal information. However, ERCC is notifying, via first-class mail, any resident and employee whose information may have been accessed in order to provide details of the incident, ERCC’s response to the incident, and provide resources to help protect any residents and employees in the event they were affected.

Continuing to maintain your trust is a top priority at ERCC, and ERCC sincerely apologizes for any inconvenience or concern this incident may cause.

In February of 2019, ERCC found evidence to suggest that a limited number of ERCC’s employee email accounts may have been inappropriately accessed. Upon discovery of this evidence, ERCC immediately notified its information technology team, who undertook an investigation and found evidence to suggest that malware infected several systems within ERCC’s computer network between Feb. 4, 2019, and Feb. 7, 2019.

ERCC’s information technology team quickly moved to clean the infection, reset all users’ passwords, and identify the malware variant. Once ERCC determined that the variant of malware had the ability to extract emails, ERCC proceeded to engage an e-discovery expert to review the contents of the affected email accounts.

On July 1, 2020, after a thorough and full search of the compromised accounts was completed, ERCC discovered that the affected email accounts may have contained information about some of its current and former residents and employees, including first and last names in combination with one or more of the following attributes: limited protected health information, Social Security numbers, and/or driver’s license numbers.

Once again, ERCC has no evidence of attempted or actual misuse of anyone’s information as a consequence of this incident. Nonetheless, ERCC is informing its residents and employees of this incident out of an abundance of caution.

In light of this incident, ERCC is offering complimentary identity theft restoration and credit monitoring services through Kroll to help protect any impacted current and/or former residents and employees for a certain period of time. ERCC encourages residents and employees who think their information may be at risk to call (844) 929-2285 Monday through Friday, 9 a.m. to 6:30 p.m., EDT.

ERCC takes the security of all information in its control seriously, and is taking steps to help prevent a similar event from occurring in the future. This includes but is not limited to (1) replacing the affected hard drives, (2) installing and updating anti-virus and anti-malware software on all ERCC computers, (3) providing ERCC staff with ongoing security awareness training, and (4) notifying government regulators where appropriate.

Once again, ERCC sincerely regrets any inconvenience or concern that this matter may cause and remains dedicated to ensuring the privacy and security of all information in its control.

No related posts.

Category: HackHealth DataMalwareU.S.

Post navigation

← IBM Security 2020 Cost of Data Breach Report Shows 10% Annual Increase in Healthcare Data Breach Costs
NZ: Kiwibank breach ‘significant’ – Privacy Commissioner →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • National Health Care Fraud Takedown Results in 324 Defendants Charged in Connection with Over $14.6 Billion in Alleged Fraud
  • Swiss Health Foundation Radix Hit by Cyberattack Affecting Federal Data
  • Russian hackers get 7 and 5 years in prison for large-scale cyber attacks with ransomware, over 60 million euros in bitcoins seized
  • Bolton Walk-In Clinic patient data leak locked down (finally!)
  • 50 Customers of French Bank Hit by Insider SIM Swap Scam
  • Ontario health agency atHome ordered to inform 200,000 patients of March data breach
  • Fact-Checking Claims By Cybernews: The 16 Billion Record Data Breach That Wasn’t
  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Trump administration is building a national citizenship data system
  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.