DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

PA: Indian Creek Foundation Provides notification ransomware incident

Posted on September 14, 2021 by Dissent

Indian Creek Foundation provides services to 1,200 youth and adults with intellectual disabilities and Autism. The following is a press release they have issued:

SOUDERTON, Pa., Sept. 13, 2021  — On February 6, 2021, ICF discovered that portions of its computer network were infected with malware that encrypted certain systems. ICF promptly took the affected systems offline, initiated other containment measures, and with the assistance of third-party forensic specialists, launched an investigation into the nature and scope of the incident. The investigation confirmed that certain folders may have been accessed or removed from ICF systems without authorization on February 6, 2021. ICF therefore undertook a lengthy, time-intensive, and thorough review of the potentially impacted folders and its internal files and systems in order to identify the information that was potentially impacted and to whom it related. In conjunction with this review, on or about April 15, 2021, a third-party firm was engaged to programmatically and manually review the information at issue in order to identify impacted individuals and the types of data associated with those individuals. Concurrently, ICF internally reviewed its databases. and, on or about July 14, 2021, first determined that one or more of the potentially impacted folders included protected information related to individuals. ICF continued to diligently review and reconcile the information with its internal records in furtherance of identifying the individuals to whom the data related and the appropriate contact information for those individuals. Those efforts were completed on or around August 24, 2021, at which time ICF determined the scope of impacted individuals and the types of data associated with those individuals as a result of the extensive internal review. ICF thereafter worked to provide notification to potentially impacted individuals as quickly as possible.

Although the information varies by individual, the involved ICF systems contained the following types of information at the time of the incident: name, Social Security number, driver’s license number, health insurance information, medical treatment/diagnosis information, and financial account information.

Information security is one of ICF’s highest priorities. Upon discovering this incident, ICF took steps to respond. Further, ICF notified federal law enforcement regarding this event. Moreover, ICF is reviewing and enhancing existing policies and procedures and implementing additional safeguards to further secure the information in its systems and reduce the likelihood of a similar future event. ICF is also notifying relevant regulatory authorities as required. As an added precaution, ICF is offering complimentary access to credit monitoring and identity restoration services to potentially impacted individuals.

Should individuals have questions regarding this event or wish to inquire as to their eligibility for the complimentary credit monitoring and identity restoration services, they may call ICF’s dedicated assistance line at 800-974-0685, which is available Monday through Friday, from 9:00 a.m. to 9:00 p.m. Eastern Time. Individuals may also write to ICF at 420 Cowpath Road, Souderton, PA 18964, or via email [email protected].

ICF encourages individuals to remain vigilant against incidents of identity theft and fraud by reviewing account statements and explanation of benefits and monitoring free credit reports for suspicious activity.

Read more of the press release on PR Newswire or on ICF’s web site.

 

Category: Health DataMalwareU.S.

Post navigation

← TX: Medical provider waited months to send patients letters about ransomware attack
Ottawa Hospital apologizes to unvaccinated staff for privacy breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach
  • Oklahoma Expands its Security Breach Notification Law
  • Ransomware group Gunra claims to have exfiltrated 450 million patient records from American Hospital Dubai.
  • North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms
  • When ransomware listings create confusion as to who the victim was
  • Rajkot civic body’s GIS website hit by cyber attack, over 400 GB data feared stolen
  • Taiwan’s BitoPro hit by NT$345 million cryptocurrency hack
  • Texas gastroenterology and surgical practice victim of ransomware attack
  • Romanian Citizen Pleads Guilty to ‘Swatting’ Numerous Members of Congress, Churches, and Former U.S. President
  • North Dakota Enacts Financial Data Security and Data Breach Notification Requirements

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Florida ban on kids using social media likely unconstitutional, judge rules
  • State Data Minimization Laws Spark Compliance Uncertainty
  • Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
  • Stewart Baker vs. Orin Kerr on “The Digital Fourth Amendment”
  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.