MN: Riverplace Counseling Center Notifies 11,639 Patients After Security Incident

From their notice:

ANOKA, MINNESOTA – April 11, 2019 – Riverplace Counseling Center has become aware of a potential data security incident that may have resulted in the unauthorized access to personal information, including health information. Although at this time, there is no evidence of any attempted or actual misuse of anyone’s information as a result of this incident, we have taken steps to notify all potentially impacted individuals and to provide resources to assist them.

On January 20, 2019, we discovered that we had been victim of a cybersecurity incident. We engaged a computer technology firm to assist in removing the malware and restoring our systems from backup. We also engaged independent computer forensics experts to determine how the incident occurred and whether any information had been accessed by the unauthorized intruder. On February 18, 2019, the investigation concluded. Although the investigation did not identify any evidence of access to your information, we unfortunately could not completely rule out the possibility that your personal information, including your name, address, date of birth, Social Security number, health insurance information, and treatment information, may have been accessible.

We take the privacy and security of all information in our control very seriously, and we want to assure you that we are taking steps to prevent a similar event from occurring in the future. These steps include implementing additional technical safeguards including additional spam filters, firewalls and antivirus software system-wide; providing additional staff training on identifying unauthorized access; and securing a specialized cybersecurity firm to further assist us in implementing system-wide policies and procedures to help prevent a similar incident from occurring in the future.

We mailed letters to individuals potentially impacted by this event, which include information about the incident and steps potentially impacted individuals can take to monitor and protect their personal information. We have established a toll-free call center to answer questions about the incident and related concerns. The call center is available Monday through Friday from 8:00 a.m. to 5:30 p.m., Central Time, and can be reached at (833) 231-3359. In addition, out of an abundance of caution, we are offering complimentary identity monitoring services through Kroll to potentially impacted individuals at no cost to them.

The privacy and protection of personal information is a top priority, and we sincerely regret any inconvenience or concern this incident may cause.

About the author: Dissent