Communities Connected for Kids suffered from Data Breach for 7 Months

Communities Connected for Kids (CCK) based in Port St. Lucie of Florida discovered that an unauthorized individual has gained access to the databases containing Protected Health Information (PHI) of some staff members, child clients and their parents.

The breach has been detected when on Mar. 15, 2019, the CCK was told by their third-party vendor regarding suspicious activity in the databases that stores the CCK information. CCK promptly blocked access to databases, and also immediately started investigating the scope and nature of this incident with help from a third-party computer forensics expert. The investigation revealed that access to databases was gained first on Aug. 2018.

During those 7 months when the unauthorized individual has access to databases, a number of sensitive information has been possibly viewed and downloaded.

The CCK determined that type of information possibly impacted might vary from person to person; and the following information types might be impacted: name, Social Security number, contact information, financial information, family information, date of birth, medical record number, prescription information, Medicaid number, clinical and/or medical information including treatment and diagnosis history, and the health insurance information.

As per the breach report that was submitted to Department of Health and Human Services' Office for Civil Rights, this breach has impacted 501 individuals. This figure can rise, as the CCK is still doing a thorough review of databases to determine individuals whose information got exposed. Once all the individuals will be identified, then CCK will sent notification letters and complementary identity theft protection services will be provided to the affected individuals.

CCK takes security and privacy of the sensitive information within their care very seriously. So, CCK has taken immediate steps in order to identify vulnerabilities that were exploited to gain unauthorized access to their databases. Moreover, CCK is working hard for addressing those issues, in order to make sure that security has been improved and more breaches are prevented.

Till now, CCK has notified US Department of HHS (Health and Human Services), Florida Attorney General, the Florida DCF (Department of Children & Families), as well as major news media outlets all over the Florida state. CCK may continue notifying the other appropriate authorities when it learns more.

» SPAMfighter News - 6/24/2019