Catholic Charities of Baltimore issued a press release today after an employee’s email account was hacked and personal and protected health information of the charity’s clients may have been accessed or acquired. The press release does not indicate how many people they are notifying. Nor does it indicate how the hack occurred – did the employee fall for some phishing attack? It would be helpful to know.
Here is the press release with what we do know so far:
Catholic Charities of Baltimore recently became aware of a security incident that may have affected the personal information of some of our clients. We are providing this notice as a precaution to inform potentially affected clients of the incident and to call their attention to some steps they can take to help protect themselves. We sincerely regret any concern this incident may cause.
What Happened
We learned on November 29, 2016, that a Catholic Charities employee’s email mailbox was accessed by unknown person(s) without authorization on October 17, 2016. While we have no evidence that the unknown person(s) actually read the emails, we are notifying individuals of the incident out of an abundance of caution. We are not aware of any fraud or misuse of any information as a result of this incident.
What Information Was Involved
The affected emails may have included information such as name, address, phone number, date of birth, insurance identifiers, a unique ID that Catholic Charities assigns to individuals, the name or type of the provider, and diagnostic and treatment information. The mailbox also contained a limited number of Social Security Numbers.
What We Are Doing to Address the Incident
We take our responsibility to safeguard all protected health information seriously and deeply regret that this incident occurred. We took steps to address and contain this incident promptly after it was discovered by securing the mailbox to prevent further access to emails and conducting an investigation with the assistance of a third-party forensic expert. We reset the employee’s password to help prevent any additional information from being affected by this incident. We are currently reviewing the information security measures we have in place to help prevent a similar incident from occurring in the future.
What We Are Doing to Assist Individuals
In addition, we are offering twelve months of complimentary identity protection services from an identity monitoring services company to individuals whose Social Security Numbers may have been affected by this incident.
What Individuals Can Do
We recommend that individuals exercise caution before providing personal information to strangers who claim to be associated with Catholic Charities or one of our programs. For example, someone may falsely claim to be associated with Catholic Charities in order to get an individual to provide personal information. Anyone with questions about the authenticity of any request received from us or from someone claiming to be associated with Catholic Charities can call us at 667-600-3000.
As a precaution, we also want to make individuals aware of steps that they can take to guard against identity theft or fraud. We recommend that individuals review health insurance Explanation of Benefits or similar documents and financial account statements as soon as possible in order to monitor for any discrepancies or unusual activity. Individuals should remain vigilant and continue to monitor statements for unusual activity going forward. If an individual sees anything that they do not understand or that looks suspicious, or suspects that any fraudulent transactions have taken place, that individual should call his or her health insurer, health plan, or financial institution immediately.
We also recommend that individuals carefully check credit reports for accounts they did not open or for inquiries from creditors they did not initiate. If an individual sees anything that they do not understand, that individual should call the credit agency immediately. If an individual finds any suspicious activity on a credit report, that individual should call the local police or sheriff’s office, and file a police report for identity theft and get a copy of it. An individual may need to give copies of the police report to creditors to clear up credit records.
For More Information
For more information about this incident, affected individuals may contact us toll-free at 844-604-4276 between 9 a.m. and 9 p.m. Eastern Time, Monday through Friday. Again, we regret any concern this incident may cause.
About Catholic Charities of Baltimore
Catholic Charities of Baltimore serves children and families, people living in poverty, individuals with intellectual disabilities, immigrants, and seniors. Our services address immediate needs as well as support and preparation for independence and full lives. With compassion and a standard of excellence second to none, we continue a legacy of charity that began with the establishment of the Catholic Church in Baltimore in 1792.
SOURCE Catholic Charities of Baltimore