Morley Companies based in Saignaw, MI has lately reported that it encountered a cyberattack that began on August 1, 2021, resulting in the inability to access data from its data systems.
The business services provider took immediate action to separate the breached systems and a prominent cybersecurity company was employed to investigate and find out the nature and extent of the security occurrence. Besides encrypting information on its systems, the threat actors exfiltrated some information from its systems.
A thorough analysis was performed of all files contained in its systems that the attackers may have accessed. Morley Companies then began gathering contact data for those people in order to send the notification letters. Morley Companies stated that the process was accomplished at the beginning of 2022, and sending of notification letters to impacted persons began on February 1, 2022.
The forensic investigation affirmed that these types of data were possibly viewed and/or stolen during the cyberattack: Names, addresses, birthdates, Social Security numbers, medical diagnostic and treatment data, client ID numbers, and medical insurance data.
Morley Companies stated it has examined its data security measures and has currently made changes to its cyber environment to avoid the same attacks later on. Impacted people were provided a free credit monitoring and identity theft protection service membership.
The security breach report was submitted to the Department of Health and Human Services’ Office for Civil Rights (OCR) and the authorities. The OCR data breach website shows the PHI of 521,046 persons was possibly exposed.