Posted On January 11, 2023 Consumer Privacy & Data Breaches
January 11, 2023 – After discovering that they had been the target of a ransomware attack on January 10, 2023, Maternal & Family Health Services, Inc. (“Maternal & Family”) filed a notice of data breach with several attorney general offices. According to the filing, an unauthorized third party gained access and leaked information. The information that had been leaked was consumers’ first and last names, dates of birth, addresses, Social Security numbers, passport information, medical information, health insurance information, and financial account information. After confirming the data leak, Maternal & Family sent out A data breach notification letter to all 460,000 individuals affected by the attack.
Data breach lawyers at Console & Associates, P.C. are currently investigating the attack at Maternal & Family Health Services, Inc. if you have received a notification letter, then your information may be in the hands of an unauthorized party looking to commit crimes using your information. We offer consultations to all those affected by the attack, risk-free and free of charge. You should know what your options are regarding financial compensation that may be owed to you by Maternal & Family.
Maternal & Family Health Services, Inc. is a non-profit health and human service organization that specializes in programs for children, women, and families. Originally founded in 1971 in Wilkes Barre, Pennsylvania, and operating across several counties throughout Northeastern Pennsylvania, Maternal & Family now serves over 90,000 people. The company also employs over 116 people and annually generates approximately $14 million in revenue.
Information provided by Maternal & Family Health Services, Inc. Comes from its filings with the Maine Attorney General and the Montana Attorney General. Per the information in the filings, Maternal & Family Health Services, Inc. discovered that it had been involved in a ransomware attack. The company gave no further information about how this discovery had been made. With the help of a third-party forensic specialist, the company launched an investigation.
Maternal & Family Health Services, Inc. confirmed the breach And suspects that the breach began on August 21, 2021 and ended sometime around April 4, 2022. While it may be different for each individual, the Information that had been leaked was consumer first and last names, dates of birth, addresses, Social Security numbers, passport information, medical information, health insurance information, and financial account information.
On January 10, 2023, Maternal & Family Health Services, Inc. sent letters informing affected individuals of the breach. The filing with The Maine attorney general has confirmed that over 460,000 victims have been affected by the breach.
Ransomware is the type of software, also called malware, that hackers install on a computer system to encrypt files and block the company’s access to its own data. Hackers are able to access that data and use the information however they want.
Hackers will encrypt the files and leave a message for the company to pay a ransom to regain access to its computer network. This is called a ransomware attack. However, hackers have incorporated multiple levels into their attacks now. They will give the company a certain amount of time to make that payment with the threat that the information will be released on the dark web if the ransom is not paid. This is called “double extortion.”
Ransomware attacks are a common form of cyberattack and are most likely to lead to fraud and identity theft. If it is found that a company like Maternal & Family Health Services, Inc. was negligent in its duty to secure the confidential information of its consumers, it may be liable for financial damages as a result of the breach.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Maternal & Family Health Services, Inc. data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent out to affected individuals:
Maternal & Family Health Services recently experienced a data security incident which may have affected your personal information. We take the protection and proper use of your information seriously and sincerely apologize for any inconvenience this incident may cause. This letter contains additional information about the incident, our response to this incident and steps you can take to protect yourself.
On or about April 4, 2022, Maternal & Family Health Services experienced a ransomware incident. During a typical ransomware incident, cybercriminals try to “lock” an organization’s digital files in an attempt to get paid for a digital key to unlock the files. We promptly launched an investigation, engaged a national cybersecurity firm to assist in assessing the scope of the incident and took steps to mitigate the potential impact to our community. Unfortunately, these types of incidents are becoming increasingly common and even organizations with some of the most sophisticated IT infrastructure available are affected. We have worked diligently to determine what happened and what information was involved as a result of this incident. A third-party forensic investigation determined the incident occurred between August 21, 2021 and April 4, 2022. RI Residents: The forensic investigation further determined that the incident potentially impacted approximately [Redacted]
What Information Was Involved
The elements of your personal information that may have been compromised may have included, and potentially were not limited to, your: name, address, date of birth, Social Security number, driver’s license number, financial account/payment card information, medical information and/or health insurance information. Please note that there is no evidence at this time that any of your personal information has been misused as a result of the incident.
What We Are Doing
We are working with cybersecurity counsel to determine the actions to take in response to the incident. Together, we continue to investigate and closely monitor the situation. Further, we are taking steps to strengthen our security posture to prevent a similar event from occurring again in the future.
Out of an abundance of caution, we have arranged for you to enroll in a complementary, credit monitoring and identity theft protection service through IDX, the data breach and recovery services expert. IDX identity protection services include: [Redacted] months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed id theft recovery services. With this protection, IDX will help you resolve issues if your identity is compromised.
What You Can Do
To enroll in the complimentary credit monitoring service that we are offering you, please go to [Redacted] and use Enrollment Code [Redacted], follow the steps to receive the credit monitoring service online within minutes. If you do not have access to the Internet and wish to enroll, please call IDX’s toll-free hotline at (833) 896-7339.
You can sign up for the online or offline credit monitoring service anytime between now and April 3, 2023. Due to privacy laws, we cannot register you directly. Please note that credit monitoring services might not be available for individuals who do not have a credit file with TransUnion or an address in the United States (or its territories) and a valid Social Security number. Enrolling in this service will not affect your credit score.
Once you are enrolled, you will be able to obtain [Redacted] months of credit monitoring service which will notify you if there are any critical changes to your credit file at TransUnion, including fraud alerts, new inquiries, new accounts, new public records, late payments, changes of address, and more. The service also includes access to an identity restoration program that provides assistance in the event that your identity is compromised and up to $1,000,000 in identity theft insurance with no deductible. (Policy limitations and exclusions may apply.)
At this time, we are not aware of anyone experiencing fraud as a result of this incident. We encourage you to remain vigilant, monitor your accounts, and immediately report any suspicious activity or suspected misuse of your personal information. Additionally, we recommend that you review the following page, which contains important additional information about steps you can take to safeguard your personal information, such as the implementation of fraud alerts and security freezes.
For More Information
Please know that the protection of your personal information is a top priority, and we sincerely apologize for any concern or inconvenience that this matter may cause you. If you have any questions, please do not hesitate to call (833) 896-7339, Monday – Friday, 9 am – 9 pm Eastern Time.