Posted On January 25, 2023 Consumer Privacy & Data Breaches
January 25, 2023 – Livingston Memorial VNA and affiliated companies Livingston Memorial Visiting Nurse Association and Livingston Caregivers, collectively known as “Livingston Memorial,” filed a notice of a data breach with the Attorney General of Montana on January 20, 2023 after learning of a ransomware attack on its computer network. According to the filing, an unauthorized party gained access to confidential consumer information. The company has not yet disclosed what type of information was leaked. Once it was confirmed that there was a data leak, Livingston Memorial sent notification letters to all individuals affected by the security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Livingston Memorial data breach. If you received a notification letter and are interested in learning what you can do to protect yourself, we are offering free consultations where we can discuss your legal options for receiving financial compensation from Livingston Memorial. If you recently received a NOTICE OF DATA BREACH from COMPANY, contact us at (866) 778-5500 to discuss your legal options, or submit a confidential contact form for a free case evaluation.
Livingston Memorial VNA Health Corporation and affiliated companies, Livingston Memorial Visiting Nurse Association and Livingston Caregivers, are home health and hospice care non-profit agencies that provide services for those requiring home hospice care or bereavement services after the loss of a loved one by employing physicians, occupational therapists, nurses, registered dietitians, social workers, physical therapists, social workers, speech therapists, certified nursing assistants, volunteers, counselors, and chaplains. Including its base location in Ventura County, California, Livingston Memorial has five locations throughout California in Camarilla, Ojai, and Thousand Oaks. The healthcare agency employs over 166 people and generates approximately $18 million in revenue annually.
According to its filing with the Attorney General of Montana, Livingston Memorial discovered encryption on its computer systems on February 19, 2022. The company ensured the security of its computer network and began working with cybersecurity specialists to investigate the breach and determine the extent of the information leak.
Livingston Memorial reviewed files to determine what information had been made available and concluded the investigation on November 3, 2022. Livingston Memorial has not publicly announced what information was accessed.
On January 20, 2023, Livingston Memorial sent notification letters to all individuals affected by the breach.
While Livingston Memorial was also a victim of the breach, they were also the ones responsible for keeping your confidential information secure. As a consumer, you were confident that your information would be secure with Livingston Memorial, and you had no choice but to trust them in order to use the services they provide. This data breach has called that trust into question. It is their responsibility to ensure that your information stays secure and out of the hands of hackers looking to commit various crimes, including identity theft and fraud.
Though the investigation is ongoing, if there is any evidence that Livingston Memorial displayed negligence in the security of your information and the company’s computer systems, you may be able to pursue a lawsuit against them for financial compensation.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Livingston Memorial VNA data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent to affected individuals:
Livingston Memorial VNA Health Corporation and its affiliates Livingston Memorial Visiting Nurse Association and Livingston Caregivers (collectively, “Livingston Memorial”) provide a variety of services in Ventura, California, including home health, hospice care, and free grief and bereavement services. Livingston Memorial is writing to inform you of a data security incident that may have resulted in an unauthorized access to your personal information. While we are unaware of any fraudulent misuse of your personal information at this time, we are providing you with details about the incident, steps we are taking in response, and resources available to help you protect against the potential misuse of your information.
On February 19, 2022, Livingston Memorial discovered that an unauthorized party gained access to its computer systems and encrypted information stored on our systems. Livingston Memorial terminated the unauthorized access, and promptly engaged a specialized third-party cybersecurity firm to assist with securing the environment, as well as, to conduct a comprehensive forensic investigation to determine the nature and scope of the incident. During the investigation, Livingston Memorial proceeded with Substitute Notice pursuant to HIPAA from May 6, 2022 to August 9, 2022 by posting notice of this Incident on its website. On November 3, 2022, Livingston Memorial finalized the list of individuals to notify.
What Information Was Involved?
Although Livingston Memorial has no evidence that any sensitive information has been misused by third parties as a result of this incident, we are notifying you out of an abundance of caution and for purposes of full transparency. Based on the investigation, the following information related to you may have been subject to unauthorized access: [Redacted].
To date, Livingston Memorial has no reason to believe that there was a misuse of the potentially accessed information. Livingston Memorial is providing notice of this incident to you out of an abundance of caution.
What We Are Doing
Data privacy and security is among Livingston Memorial’s highest priorities, and we are committed to doing everything we can to protect the privacy and security of the personal information of the patients in our care. Since the discovery of the incident, Livingston Memorial moved quickly to investigate, respond, and confirm the security of our systems.
Specifically, Livingston Memorial has greatly enhanced its cybersecurity controls, including increased logging and alerting when incidents occur, full review of Security Policies, full review of all Firewall Policies, implementing additional internal controls and safeguards, increasing frequency of External Security Penetration Assessments, and took steps and will continue to take steps to mitigate the risk of future harm.
In response to the incident, we are providing you with access to Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score/Cyber Monitoring services at no charge. These services provide you with alerts for twelve (12) months from the date of enrollment when changes occur to your credit file. This notification is sent to you the same day that the change or update takes place with the bureau. Cyber monitoring will look out for your personal data on the dark web and alert you if your personally identifiable information is found online. Finally, we are providing you with proactive fraud assistance to help with any questions that you might have or in event that you become a victim of fraud. These services will be provided by Cyberscout through Identity Force, a TransUnion company specializing in fraud assistance and remediation services.
What You Can Do
We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious or unauthorized activity. Additionally, security experts suggest that you contact your financial institution and all major credit bureaus to inform them of such a breach and then take whatever steps are recommended to protect your interests, including the possible placement of a fraud alert on your credit file. Please review the enclosed Steps You Can Take to Help Protect Your Information, to learn more about how to protect against the possibility of information misuse.
To enroll in Credit Monitoring services at no charge, please log on to [Redacted] and follow the instructions provided. When prompted please provide the following unique code to receive services.
In order for you to receive the monitoring services described above, you must enroll within 90 days from the date of this letter. The enrollment requires an internet connection and e-mail account and may not be available to minors under the age of 18 years of age. Please note that when signing up for monitoring services, you may be asked to verify personal information for your own protection to confirm your identity. We would like to reiterate that, at this time, there is no evidence that your information was accessed or misused. However, we encourage you to take full advantage of the services offered.
For More Information
Representatives are available for 90 days from the date of this letter, to assist you with questions regarding this incident, between the hours of 8:00 AM to 8:00 PM Eastern Time, Monday through Friday. Please call the help line and supply the fraud specialist with your unique code listed above.
Livingston Memorial sincerely regrets any concern or inconvenience this matter may cause, and remains dedicated toensuring the privacy and security of all information in our control.