Vision for Hope notification of data security incident
Hope started as a school in Illinois for children with disabilities, but it expanded its mission over the years. This is a notification they posted on August 3:
Vision for Hope (“Hope”) recently discovered an incident that may have involved the personal information or protected health information of some of its patients or other individuals. Although Hope has no reason to believe that any personal information or protected health information has been misused for the purpose of committing fraud or identity theft, it is notifying the potentially affected patients to advise them about the steps it has taken to address the incident and provide them with guidance on what they can do to protect themselves.
Hope recently discovered that an unknown, unauthorized person gained access to the email account of one Hope employee from February 14, 2021 to April 2, 2021. Upon learning of the incident, Hope immediately took action to secure the email account to prevent any further access. Hope engaged a leading forensic security firm to investigate the incident. As part of that investigation, Hope searched the account for any personal information or protected health information. Hope completed its investigation and determined on June 4, 2021 that the account contained personal or protected health information for certain individuals. That information included, depending on the individual, their name, date of birth, Social Security number, driver’s license number, financial account number, medical treatment or diagnosis information, and/or medical insurance information.
On August 3, 2021, Hope began sending written notifications to individuals whose personal information or protected health information was contained in the email account for whom it has contact information, and arranged for complimentary identity theft protection services for those individuals whose Social Security numbers and/or driver’s license numbers were involved in the incident.
Notified individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves. Again, Hope has no reason to believe that any personal information has been misused for the purpose of committing fraud or identity theft, but as a precautionary measure, notified individuals should remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. If individuals detect any suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained. They should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities, including the police and their state’s attorney general. Notified individuals may also wish to review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). Notified individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
Hope deeply regrets any concern or inconvenience this incident may cause. Hope is reinforcing information security procedures with its employees and implementing changes to help prevent an incident like this from happening again. Additional information is available via a confidential, toll-free inquiry line at 855-623-1970 from 8:00 a.m. – 5:30 p.m. Central, Monday through Friday.