STOCKTON, Calif., April 19, 2024 /PRNewswire/ -- Valley Mountain
Regional Center ("VMRC") experienced a data security incident that
involved personal and / or protected health information belonging
to certain current and former patients and has provided notice of
this incident to impacted individuals.
On August 1, 2023, VMRC became
aware of unusual activity on its network environment. Upon
discovering this activity, VMRC immediately took steps to secure
their network and launched an investigation with the assistance of
independent cybersecurity experts. The investigation
subsequently revealed that certain personal information and
personal health information was acquired without authorization on
or about July 29, 2023. VMRC then
engaged a third-party vendor to commence a review of the affected
data to determine whether any sensitive data was involved and
whether personal information may have been affected. On
February 20, 2024, that review
concluded and VMRC confirmed that certain personal information was
involved. VMRC then took steps to notify impacted individuals of
the incident as quickly as possible.
Based on the investigation, the affected information may have
included names, Social Security numbers, taxpayer identification
number, dates of birth, driver's license numbers, username and
password, biometric data, medical treatment and/or diagnosis
information, and/or health insurance information. Please note that
not all data elements were affected for all individuals.
As soon as the incident was discovered, VMRC took the steps
referenced above. VMRC notified the Federal Bureau of Investigation
and will provide whatever cooperation is necessary to hold the
perpetrators accountable, if possible. VMRC also notified the U.S.
Health and Human Services Office for Civil Rights and consumer
reporting agencies of this incident. VMRC is also taking additional
steps to prevent a similar event from occurring in the future.
VMRC is not aware of any evidence of the misuse of any
information potentially involved in this incident. However, on
April 19, 2024 VMRC mailed notice of
this incident to potentially impacted individuals for which VMRC
had identifiable address information. The notice sent to
impacted individuals provided information about the incident and
resources that potentially impacted individuals could utilize to
protect their information including the opportunity to enroll in
complimentary identity protection services through Cyberscout.
VMRC has established a toll-free call center to answer questions
about the incident and to address related concerns. The call
center is available Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Time (excluding
major U.S. holidays) and can be reached at 1-833-538-8494.
All affected individuals may qualify for complimentary identity
protection services through Cyberscout. Individuals who have not
received a notification letter must obtain verification of
eligibility through the call center to enroll in services.
View original
content:https://www.prnewswire.com/news-releases/valley-mountain-regional-center-provides-notice-following-data-security-incident-302122428.html
SOURCE Valley Mountain Regional Center