Communities Connected for Kids (CCK) based in Port St. Lucie, FL discovered unauthorized access to its databases that contain the protected health information (PHI) of child clients, their mothers and fathers and employees.
CCK became aware of the breach when one of its third-party vendors detected suspicious activity in the databases. A third party computer forensics professional investigated the breach and confirmed that access to the databases first occurred in August 2018. When the breach was diagnosed in March 2019, database access was quickly blocked. In the 7 months of database access, the hacker could have viewed and downloaded a range of sensitive data.
The data exposed differed from one person to another. The following may have been compromised: names, contact details, birth date, Social Security number, financial data, family data, Medicaid number, medical record number, prescription details, health insurance plan details, and medical and clinical data like diagnoses and treatment data.
CCK submitted a breach report to the Department of Health and Human Services’ Office for Civil Rights, which indicated that 501 persons were affected by the breach. That number may increase, since CCK is still reviewing the databases to know the persons whose data were exposed. As soon as all persons were identified, CCK will send notification letters to the affected people and will offer free identity theft protection services.
CCK has determined the issues that led to the unauthorized access of the databases. The organization is working hard to deal with the issues to improve security and prevent further breaches.