The National Association of Community Health Centers (NACHC) will start mailing letters on Monday to 935 current and former employees to inform them of a data breach last year.
According to a copy of their notification letter that was submitted to the Maine Attorney General’s Office, on October 16, NACHC discovered that certain systems had become inaccessible.
An investigation completed on December 13, 2021 determined that threat actors had accessed and encrypted several servers as part of a coordinated cyberattack that began on October 4. They were unable to determine whether data on the compromised servers had been exfiltrated.
The information on the servers included employee names, addresses, dates of birth, salary, income and tax information, Social Security numbers, type of insurance coverage along with beneficiary names, emergency contact names, and employee start dates.
Those being notified are being offered 24 months of identity protection services including credit monitoring, an insurance reimbursement policy, and fully managed identity theft recovery services.