PA: Partners for Quality notifies 3,673 clients after employee email accounts compromised

Pennsylvania-based Partners for Quality is an agency focused on providing services to children with intellectual and developmental disabilities who face behavioral health challenges.  PFQ consists of four entities:

More information about the programs can be found on their web site.

[Note: this is not the same “Milestone” that reported a breach in March. And it is not clear from their notification, described below, whether the breach impacted all four of the entities above or just one of them or some of them.]

On April 19, PFQ posted a notice on their web site and notified HHS that 3,673 clients were being notified of an incident that PFQ discovered on February 19, when they became aware of unusual activity related to some employees’ email accounts. Third-party investigators subsequently determined that unauthorized individuals had access to three employees’ accounts between January 19, 2019 and February 27, 2019.  Those email accounts contained protected health information and certain employee information: name, date of birth, Social Security number, diagnosis or treatment information, medical record number, billing/claims information, health insurance information, driver’s license number, passport information, banking or financial account number, credit / debit card information, PIN number, and username and password.

As of April 19, PFQ had not received any reports of the misuse of this information. Somewhat surprisingly, however, they do not seem to be offering those affected any monitoring assistance or services – or  if they are, they are not mentioning that specifically in their public disclosure.

You can read their full notification on their site.


About the author: Dissent

Comments are closed.