Posted On May 12, 2022 Consumer Privacy & Data Breaches
May 12- 2022 – Recently, Covenant Care California, LLC announced that the company experienced a data breach after an employee responded to a phishing attack. The Covenant Care data breach resulted in the sensitive information of certain patients being compromised. On May 6, 2022, Covenant Care provided notice of the incident to all affected parties by issuing data breach letters to anyone whose information was compromised in the breach.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Covenant Care data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Covenant Care California, LLC.
According to official notice filed by the company, on February 24, 2022, Covenant Care discovered that an employee at the company’s Wagner Heights Nursing and Rehabilitation Center began experiencing issues with her email account. Upon further investigation, the company verified that the employee had responded to a phishing attack, which gave an unauthorized user access to the employee’s email account.
In response, Covenant Care then sought to determine if any consumer data was leaked as a result of the incident. On April 18, 2022, the company confirmed that certain patient records were present in the account at the time of the unauthorized access.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Covenant Care California then reviewed the affected files to determine exactly what information was compromised. On May 6, 2022, Covenant Care California sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Covenant Care California, LLC
Covenant Care California, LLC is a provider of short- and long-term residential treatment based in Aliso Viejo, California. The company operates 30 skilled nursing facilities, assisted living facilities, rehabilitation centers, and residential care centers across California. Currently, Covenant Care provides care for more than 4,000 residents and patients. Covenant Care California employs more than 8,000 people and generates approximately $1 billion in annual revenue.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Covenant Care data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by Covenant Care California, LLC:
We are writing to notify you of an incident that may affect the privacy of some of your information. While, to date, we have no evidence that information potentially affected by this incident has been misused, we take this incident very seriously and are providing you with details of the incident and the resources available to you to help protect your information from possible misuse, should you feel it is appropriate to do so.
On February 24, 2022, Covenant Care California, LLC (“Covenant”) learned that an employee of Wagner Heights Nursing and Rehabilitation Center had experienced suspicious activity within her email account. Immediate steps were taken to secure the account and we promptly commenced an investigation to determine the nature and scope of the incident. Working with our Information Technology (“IT”) Director, IT support services, and third-party forensic investigators, we determined that an unauthorized actor(s) gained access to the employee’s email account for several hours via a phishing email on February 24, 2022. We then undertook a diligent review and analysis of the email account to determine the full nature and scope of the security incident, including what records were present in the account at the time of unauthorized access, to whom those records relate, and what information the records contained. Through this review, on April 18, 2022, we determined that certain patient records were present in the account at the time of the unauthorized access. Based on our investigation, Covenant confirmed that your information was present in the account. While, to date, we are unaware of any actual or attempted misuse of information potentially affected by this incident, we are providing you this notification out of an abundance of caution.
What information was involved?
Below is a list of your information present in the account at the time of the unauthorized access:
What we are doing.
Information privacy and security are among our highest priorities. Wagner Heights Nursing and Rehabilitation Center’s technical, administrative, and physical safeguards are being reviewed to identify and implement any potential enhancements to its security measures, including installation of additional technical safeguards to our email systems. Further, our general privacy and security policies and procedures are being reviewed for potential enhancements, as well as our policies and procedure specific to employee training on email security. Finally, additional employee retraining is being conducted regarding email safety and security awareness.
As indicated above, upon learning of this incident, we quickly took steps to secure the affected email account and initiated a thorough investigation. Our investigation is ongoing and we are working with forensic investigators and other third-party vendors to assist with the investigation, mitigation, and remediation activities. We are also reporting this incident to law enforcement and appropriate state and federal regulators.
We are providing you with notice of this incident and with information and resources you may use to better protect against potential misuse of your information, should you feel it appropriate to do so. As an added precaution and to help relieve concerns and restore confidence following this incident, we have secured the services of Kroll to provide Identity Monitoring at no cost to you for one year. Kroll provides security incident mitigation and response services and their team has extensive experience helping people who have sustained an unintentional exposure of information. Your Identity Monitoring services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration.
Visit https://enroll.krollmonitoring.com to activate and take advantage of your Identity Monitoring services.
You have until <<b2b_text_6 (Date)>> to activate your Identity Monitoring services.
Membership Number: <<Membership Number s_n>>
For more information about Kroll and your Identity Monitoring services, please visit info.krollmonitoring.com. In addition, please review the attached “Additional Resources” regarding steps you can take to protect your information”.
What you can do.
We encourage you to activate the Kroll Identity Monitoring services that we are offering as we are not able to act on your behalf to do so. Please review the enclosed “Additional Resources” section included with this letter. This section describes additional steps you can take to help protect yourself, including recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on your credit file.
For more information.
We recognize that you may have questions not addressed in this letter. If you have additional questions, please call our dedicated assistance line (855) 788-2390, (toll free), Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays. Please have your membership number ready.
We sincerely regret any inconvenience this incident may cause you. We remain committed to safeguarding the information in our care and we will continue to take steps to ensure the security of our systems.