Posted On March 1, 2023 Consumer Privacy & Data Breaches
March 1 – Evergreen Treatment Services filed a notice of a data breach with the US Department of Health and Human Services Office for Civil Rights (HHS-OCR) on February 10, 2023 after discovering that patient information had been accessed by an unauthorized party. According to the filing, sensitive patient information, such as names, dates of birth, addresses, treatment information, and Social Security numbers, were leaked. After confirming the leak, Evergreen sent data breach notification letters to all 21,000 affected individuals.
If you have been notified by Evergreen that your information was leaked in the data breach, we at Console & Associates, P.C. suggest that you get in touch with our data breach lawyers as soon as possible. Free consultations are available to help you determine your next course of action, protect yourself, and see whether you can pursue a data breach lawsuit against Evergreen Treatment Services for financial compensation.
Evergreen Treatment Services is a facility that specializes in substance abuse treatment and provides services to people with substance abuse disorders. The organization also helps those who don’t have homes by introducing them to social services. Established in 1973 and based in Seattle, Washington, Evergreen now has four locations, the Seattle Clinic, South Sound Clinic, South King County Clinic, and Reach Clinic. The organization also has over 267 employees and generates approximately $11.4 million in revenue annually.
According to the filing with the US Department of Health and Human Services Office for Civil Rights, Evergreen discovered that there had been unusual activity on the company’s computer network. No information was given as to the timeframe of when the cyberattack occurred. Evergreen immediately secured its network and began working with a third-party cybersecurity firm to investigate the breach.
The investigation was concluded on January 11, 2023. After reviewing the files and confirming the leak, Evergreen discovered that sensitive patient information had been compromised, including names, dates of birth, addresses, treatment information, and Social Security numbers were leaked, though the information varies by individual.
On February 10, 2023, Evergreen Treatment Services sent notification letters to all individuals affected by the data breach, including the HHS-OCR reported 21,325 patients.
Once your confidential information is in the hands of a hacker, they don’t wait long before using the information or selling it on the dark web. As a victim of the breach, you have to move fast to do what you can to mitigate the damages that may be caused by the leak of your information because hackers usually have a head start.
Below is a list of steps you can take as soon as you find out that you were a victim of a data breach. This is not a comprehensive list, and you may wish to take additional steps if your financial information has been released.
Companies that have been breached must report the incident to all victims of the breach and the states where those victims live. Carefully read over the information provided by Evergreen. Data breach letters often contain pertinent information about the breach, such as how the hackers gained access to the computer network, what steps the company is taking to ensure patient security in the future, and if any victims of the breach have reported fraud or identity theft.
Evergreen Treatment Services is offering all victims of the breach free credit monitoring. Credit monitoring services typically cost anywhere from $20-$40 a month, so you should take advantage of the offer for this service free of charge. Taking Evergreen up on its offer for free credit monitoring does not disqualify you from pursuing a data breach lawsuit against the company.
It is always a good idea to monitor your accounts closely. Monitor your financial accounts and credit profile for any suspicious activity and report it immediately if detected. Monitor for longer than you think is necessary. Sometimes, a hacker doesn’t use the information obtained immediately if they need another key piece of information. It could be weeks or even months before the confidential information is used.
A credit freeze and fraud alert are complimentary services provided by the main credit bureaus. A credit freeze stops anyone from examining your credit without your approval. A fraud alert serves as a warning to other businesses. It will tell any company checking your credit that your data may have been exposed and that you could be a target of identity theft or fraud.
Even if your financial information has not been breached, it is important to ensure that all your online accounts are secure. Change the passwords for each account, and make sure to use strong passwords that are difficult to guess. In some cases, a hacker may not have all the details they require to perpetrate fraud or identity theft, so they might try to access your information from other accounts. If you can, it is a good idea to use two-factor authentication to protect your data.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Evergreen Treatment Services data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the notice posted on their website:
Seattle, WA – February 13, 2023 – Evergreen Treatment Services announced today that it is notifying individuals whose information was involved in a recent cybersecurity incident.
Recently, Evergreen Treatment Services (“ETS”) discovered a cybersecurity incident that impacted its IT systems. Immediately upon identifying the incident, ETS quickly engaged third party cybersecurity experts to assess, contain, and remediate the incident. Law enforcement was also notified.
An investigation into the scope of the incident was launched to determine what, if any, information was accessed and acquired by the unauthorized party. The investigation determined that certain patients’ information may have been exposed to the unauthorized party, including the following categories of information: name, address, date of birth, Social Security Number and treatment information.
While the investigation did not find any instances of fraud or identity theft that have occurred as a result of this incident, out of an abundance of caution, ETS is notifying individuals whose personal information was involved and providing resources they can use to help protect their information. ETS is offering complimentary credit monitoring and identity theft protection services through IDX. ETS also recommends that individuals review any statements they receive from their health care providers or health insurers. If individuals see any medical services that they did not receive, please call the provider or insurer immediately.
ETS takes its responsibility to safeguard personal information seriously and regrets any concern this incident may have caused. As part of ETS’s ongoing commitment to the security of information, the organization has reviewed and enhanced its data security policies and procedures in order to help reduce the likelihood of a similar event in the future.
Individuals with questions may contact the dedicated call center at 1-833-758-1688 from 6:00 am to 6:00 pm (PST), Monday through Friday, if any current or former patients have questions.
Evergreen Treatment Services sincerely regrets any inconvenience or concern that this matter may cause and remains dedicated to ensuring the privacy and security of all information in its control.