JDC Healthcare discloses ransomware incident; still figuring out who needs to be notified
DALLAS, Oct. 7, 2021 /PRNewswire/ — JDC Healthcare Management LLC (“JDC”) is notifying individuals of an event that may affect the security of some personal information. While, to date, JDC has no evidence that information has been or will be misused, JDC is providing information about the event, JDC’s response to it, and resources available to help protect personal information. JDC will be mailing written notice to potentially impacted individuals for whom it has contact information. JDC also posted notice of this incident on its website at: https://3k9pi2sm0491ksmp5ktsbsz7-wpengine.netdna-ssl.com/wp-content/uploads/2021/10/JDC-Website-Notice.docx-.pdf.
On or about August 9, 2021, JDC became aware of a malware incident impacting certain company systems. JDC immediately worked to restore its systems and launched an investigation, with assistance from third-party computer forensic specialists, to determine the nature and scope of the incident. While our investigation is ongoing, on August 13, 2021, we determined that certain documents stored within JDC’s environment were copied from or viewed on the system as part of the cyber incident between July 27, 2021 and August 16, 2021. Based on the investigation, JDC is currently conducting a detailed review of the impacted data to determine the type of information and to whom it relates. This effort is currently ongoing.
While the investigation to determine the full scope of information affected is ongoing, the involved JDC systems may have contained the following types of information at the time of the incident: clinical information, demographic information (including Social Security numbers, driver’s license numbers, and dates of birth), health insurance information, and financial information.
However, to date the investigation has found no evidence of actual or attempted misuse of data, JDC is making its community aware in an abundance of caution.
JDC takes the confidentiality, privacy and security of the personal information in its care seriously. Upon learning of this incident, JDC moved quickly to investigate and respond to this incident, assess the security of its systems, restore functionality to its environment, and notify potentially affected individuals. As part of JDC’s ongoing commitment to the security of information, JDC is reviewing and enhancing existing policies and procedures to reduce the likelihood of a similar future event and has reported this incident to law enforcement. JDC will also be reporting this incident to the U.S. Department of Health and Human Services and state regulators, as appropriate.
We recognize that individuals may have questions that were not addressed. If you have additional questions, please contact (844) 788-0420, Monday through Friday, from 9 a.m. to 4 p.m. Central Time.
JDC encourages individuals to remain vigilant against incidents of identity theft and fraud, to review their account statements, and to monitor their credit reports for suspicious activity. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order a free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. Individuals may also contact the three major credit bureaus directly to request a free copy of their credit report.
Read the full notice on PRNewswire.
This incident has not shown up (at least, not yet) on any of the dozens of leak sites by ransomware groups or markets.