August 31, 2018
The West Los Angeles-based drug and alcohol cure center, Authentic Recovery Center, is warning 1,790 people that some of their personally identifiable information (PII) and protected health information (PHI) has possibly been gotten by an illegal person as a consequence of a phishing attack.
The phishing attack was found on June 21, 2018 prompting a complete inquiry. The inquiry established that the break was restricted to a single electronic mail account. All other electronic mail accounts and systems continued safe permanently.
Access was first gained by the electronic mail account on June 7, 2018 and carried on until the break was found on June 21 and the account was protected.
An email-by-email analysis of the undermined account disclosed it had the PII and PHI of customers and workers. Worker information accessible through the account was restricted to name and driver’s license number, with the exclusion of two persons who also had their address, date of birth, contact telephone number, and Social Security number disclosed.
Customers impacted by the occurrence had their names disclosed, the fact that they were customers of Authentic Recovery Center and a restricted amount of clinical information. Just one person had payment card information disclosed.
Although the account was retrieved, no indication has been exposed to indicate any information was obtained or abused by the attacker.
For the bulk of people impacted by the break, the danger of identity theft and scam is low because of the kinds of information that were disclosed. Out of an abundance of caution, all people affected by the break have been offered free credit checking facilities for 12 months. It was also suggested that impacted people check their credit reports for any indication of fake activity.
The break has prompted Authentic Recover Center to implement additional controls to safeguard its electronic mail accounts and workers have been provided with additional training concerning how they can safeguard information systems.