Family of Woodstock, Inc. , located in Kingston, New York, announced today that it recently became aware of a data privacy incident impacting its servers, which contained protected health and personal information of some FOW clients and employees. FOW is a non-profit network of individuals whose mission is to provide fully accessible crisis intervention, information, prevention, and support services to address the needs of individuals and families. The Agency provides extensive services in the areas of homelessness, domestic violence, emergency shelter, child care, reentry and restorative justice services. FOW is committed to keeping the community informed, communicating about the steps it is taking toward resolution, and ensuring impacted individuals have the tools they need to minimize the impact of the incident.
On August 3, 2021, FOW discovered that they were the victim of a sophisticated cyber incident. After discovering the incident, FOW quickly took steps to secure and safely restore its systems and operations. Further, FOW immediately engaged third-party forensic experts to conduct a thorough investigation of the incident’s nature and scope, assist in the remediation efforts, and contacted law enforcement. On September 11, 2021, FOW concluded its initial investigation and determined that the incident potentially involved protected health and personal information.
Also Read: Strategies to Prevent Credential Fraud
FOW is notifying those potentially impacted by this incident by mail (if possible) and providing steps that can be taken to protect their information, including complimentary identity monitoring and protection services. FOW recommends that these individuals enroll in the services provided and follow the recommendations contained within the notification letter to increase the likelihood that their information remains protected. As of the date of this release, FOW has no evidence indicating misuse of any information. Notification to individuals potentially affected by this incident is being performed out of an abundance of caution and pursuant to the organization’s obligations under the Health Insurance Portability and Accountability Act (HIPAA).
Further, after reviewing the potentially impacted protected health and personal information, FOW determined that it may include patient first and last names, social security numbers, driver’s license numbers, medical information (likely including medications, diagnosis, diagnostics codes, and patient provider names), and health insurance and claims information. As stated above, it is important to note that FOW has no evidence of misuse of any information as of the date of this release.
In response to this incident, FOW is implementing additional cybersecurity safeguards; enhancing its cybersecurity policies, procedures, and protocols; and implementing additional employee cybersecurity training.
As a precautionary measure, FOW recommends that individuals remain vigilant by closely reviewing their account statements and credit reports. If any suspicious activity is detected, FOW strongly advises that the account holder promptly notify the financial institution or company that maintains the account. Further, individuals should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, including their state attorney general and the Federal Trade Commission (FTC). To file a complaint or to contact the FTC, you can (1) send a letter to the Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580; (2) go to IdentityTheft.gov/databreach; or (3) call 1-877-ID-THEFT (877-438-4338). Complaints filed with the FTC will be added to the FTC’s Identity Theft Data Clearinghouse, a database made available to law enforcement agencies.
For more such updates follow us on Google News ITsecuritywire News.