Washington Therapist Issues Breach Notification Following Phishing Attack

Robert S. Miller LICSW, ACSW (RSM), a therapist located in Washington, has recently informed 640 of his current and former clients of a phishing attack that has caused some of their protected health information to become exposed.

State regulations necessitate that state attorneys general be notified when a breach of private information of state inhabitants occurs. This is to make sure that individuals affected by the breach can be informed of the situation and can take the necessary steps. Generally, notifications only provide the fundamental details about the breach, yet the therapist in this case went beyond the norm and gave an in-depth explanation of precisely how the phishing attack took place. This enabled state attorneys general to gain a clearer understanding of the incident and react in an appropriate manner.

According to the notification, RSM had purchased security software from the Iolo Software Company, but soon discovered something was missing from his computer. He then received a call from someone claiming to be associated with Iolo who said they were aware his computer had been hacked and asked for permission to clean the device of any viruses or malware. RSM agreed, but was later shocked to find the person requesting eBay cards valued at $300. It was then that he realized the situation was a scam.

The incident in question provided one individual with access to a computer from December 2 to December 4, 2022, potentially allowing them access to a range of files which included names, dates of birth, mailing addresses, email addresses, phone numbers, medical insurance ID numbers, Social Security numbers, and further information such as evaluations, progress notes, mental health rating scales, and letters. In the letter sent to the office of the Washington State Attorney General, RSM claims that “approximately 97% of the clients affected live on Whidbey Island or Anacortes”. To make sure those affected were aware of the circumstance, RSM paid for legal ads to be placed in local newspapers, including the Whidbey News Times, South Whidbey Record, Anacortes American, and the Seattle Times.

In order to thoroughly analyze the breach, reduce damage, and stop similar occurrences from happening in the future, RSM has started putting several necessary precautions into action. These include introducing extra technical safeguards, such as utilizing encryption software; altering and making passwords more secure; notifying the police; deleting all customer details from our systems; having a security firm inspect our computers for viruses or malicious programs; and providing identity theft protection to those whose documents contained their social security numbers. 

“The security of your information is a top priority for RSM”, the letter stated. “We take your trust in us and this matter very seriously and we deeply regret any worry or inconvenience that this may cause you.”

Incidents like this demonstrate how a data breach can have a devastating effect on an individual or business, leaving them vulnerable to identity theft, financial loss, and a damaged reputation. It is important that individuals and their businesses take proactive measures in order to ensure the protection of their data. Measures such as using secure passwords, regularly updating software, and using two-factor authentication can help mitigate the risk of a data breach. By taking these steps, individuals and businesses can help ensure their data is kept safe and secure.