Authentic Recovery Center is a drug and alcohol treatment center located in West Los Angeles that had lately encountered a phishing attack causing the possible access of personally identifiable information (PII) and protected health information (PHI) of 1,790 people by an unauthorized person.
Authentic Recovery Center identified the phishing attack on June 21, 2018 and promptly started a complete investigation. The investigation verified that the data breach involved only one email account. Other email accounts and network system stayed protected.
The unauthorized individual acquired email account access initially on June 7, 2018 which carried on until eventually the data breach was noticed on June 21 and access was secured.
When the compromised account was examined, the investigators affirmed it comprised the PHI and PII of customers and staff. Employee data available via the account was restricted to names and driver’s license numbers, except for two persons who likewise got their addresses, phone numbers, birth dates, and Social Security numbers compromised.
Clients affected by the breach had their names compromised and certain medical data. Just one person had his payment card data compromised. Though the account was viewed, there was no evidence found that imply the fraudulent use of data by the threat actor.
For most persons affected by the data breach, the threat of identity theft and fraud is small since the types of data compromised. As a safety measure, all people impacted by the data breach were given free of charge credit monitoring services for one year. It was furthermore proposed that affected persons shoud take a look at their credit reports for possible indication of fraudulent transactions.
Authentic Recover Center executed more controls to safeguard its email accounts and personnel were given more training concerning how they could protect network systems.