From their press release:
National Mentor Healthcare, LLC (d/b/a Georgia MENTOR) is notifying individuals of a data security event that could potentially impact the security of certain personal information. Although we are unaware of any actual or attempted misuse of the information, we are providing potentially impacted individuals with information about the event, steps taken since discovering the event, and what can be done to protect against potential harm.
On December 21, 2017, Georgia MENTOR discovered that an unencrypted disk sent by a third-party software provider containing documents that included sensitive information appeared to have been lost in the mail. We immediately launched an investigation to determine the nature and scope of this incident, the types of information involved and the individuals who may be affected. We retained a third-party expert to assist us with this investigation. Notably, we continue to have no evidence of actual or attempted misuse of information as a result of this incident.
What Information Was Involved
It was determined that with respect to Georgia MENTOR the lost disk contained one or more of the following types of information: name and limited medical information, and, for one individual, social security number.
Georgia MENTOR is mailing notice letters to the affected individuals. We are also reporting this incident to U.S. Department of Health and Human Services and certain state regulators as required.
What Affected Individuals Can Do
Georgia MENTOR is unaware of any actual or attempted misuse of the information, and emphasizes that it cannot confirm whether the information was actually accessed. Nevertheless, we encourage affected individuals to review financial statements, monitor credit reports, and report suspicious activity to the institution with whom the information is shared.
Any affected individual can learn more about this incident by calling Georgia MENTOR directly at 888-818-8990.
Georgia MENTOR takes seriously its responsibility to safeguard the confidentiality, privacy and security of information in our custody. We have security measures in place and are taking additional steps to enhance data security going forward. We regret that any information was put at risk.