I previously noted that Choices, Inc. in Indiana reported a hacking incident on May 10 affecting 550 clients at their Adult & Child Care Center. I was unable to find any additional details on this incident at the time I posted the entry, but now it appears that at least two other Choices, Inc. facilities were affected by the incident. The most recent update to HHS’s breach tool indicates that Diversified Support Services in Indiana had 505 clients affected while Midtown Mental Health Center, also in Indiana, had 890 clients affected.
A notice on their web site indicates that all of Choices, Inc. facilities were affected:
On or about May 10, 2012, Choices, Inc. learned that its website and computer system was breached by an unknown, external third party “hacker”. Choices promptly secured all systems and conducted a detailed investigation which confirmed the “hacker” illegally accessed a combination of Social Security numbers, private health and other demographic information, for Choices’ clients, family members and some providers.
Choices is notifying many of the affected individuals of these matters by certified mail. Because Choices does not have up-to-date contact information for everyone this notice is also being published both on Choices website and in The Indianapolis Star to enhance our notification efforts.
Since 1997, Choices and its affiliated health care providers have arranged services for clients through several programs, including but not limited to the following: Indiana Behavioral Health Choices, Dawn Project, Northern Indiana Team Choices (NITCH), Families Reaching for Rainbows, Youth Emergency Services (YES), Action Coalition to Ensure Stability (ACES), Mentoring Children of Prisoners, Community Transitions Program, Back to Home/Back to School, Going Home, Youth Reception Center, Community for Education.
If you believe you or someone you know was enrolled in one of the above programs, please contact Experian immediately using their toll-free number, 1-866-252-9553. Their call center is available 24 hours a day to provide you additional information on these matters. Choices is offering identity theft protection services to the individuals whose Social Security numbers were involved.
Please be assured that Choices takes our obligation to protect the privacy and security of our clients’ protected health information very seriously.
Sincerely,
Knute Rotto
CEO/President
Choices, Inc.
According to their LinkedIn profile, Indianapolis-based Choices, Inc. “serves youth in the child welfare, juvenile justice and mental health systems. Choices graduated from the federal systems of care federal grant program in 2005. Since 1997 Choices has served thousands of youth and their families in Indiana, Ohio, Maryland and Washington DC.”
It’s not clear from the notice whether all of the thousands of former and current clients have been affected by the incident.
Update of August 20: According to the notice provided to the New Hampshire Attorney General’s Office by Choices’ attorneys, the hacker “copied and downloaded” the data.