From their press release:
La Posada is providing notice of a recent incident that may affect the security of some information pertaining to current and former employees. The confidentiality, privacy, and security of information in La Posada’s care is one of its highest priorities and La Posada takes this incident very seriously.
What Happened? On December 10, 2021, certain La Posada IT systems became infected with a software virus that prohibited access to some files and email. Upon discovery, La Posada notified law enforcement and began an investigation, which includes working with third-party forensic investigators, to determine the full nature and scope of the incident, and to secure the La Posada network. That investigation determined that there may have been unauthorized access to certain information. La Posada then took steps to identify the individuals who may have been impacted. On January 24, 2022, that investigation concluded. La Posada is notifying those individuals whose information may have been impacted. La Posada first provided notice of this incident on February 8, 2022.
What Information Was Involved? The potentially accessed information varies by individual, but may include first and last name, date of birth, driver’s license, Social Security number, direct deposit information, passport number, Drug and/or TB test results, information associated with explanation of benefits, self-funded medical plan participants, Member ID numbers, and COVID Vaccine cards.
What We Are Doing. We take this incident and the security of personal information in our care very seriously. Upon learning of this incident, we moved quickly to investigate and respond to this incident, assess the security of our systems, and notify potentially affected employees. As part of our ongoing commitment to the security of information, we are reviewing and enhancing existing policies and procedures to reduce the likelihood of a similar future event. We will also be notifying state and federal regulators, as required.
For More Information. If you have additional questions, please call the dedicated assistance line at 855-604-1839, which is available Monday through Friday, between the hours of 8:00 a.m. and 8:00 p.m. Mountain Time, or write to La Posada at 350 E. Morningside Rd, Green Valley, AZ 85614. La Posada recommends that potentially impacted individuals follow the recommendations in the letter they received and contact the call center with any questions.
What Can You Do? La Posada sincerely regrets any inconvenience this incident may have caused. La Posada encourages you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious activity.
Read more at https://www.prnewswire.com/news-releases/la-posada-provides-notice-of-privacy-incident-301483174.html
Source: La Posada at Park Centre, Inc
Somewhat surprisingly, the notice does not say anything about offering their current and former employees any mitigation services.
This incident does not appear on HHS’s public breach tool as of the time of this publication.