STOCKTON, Calif., April 19, 2024 /PRNewswire/ — Valley Mountain Regional Center (“VMRC”) experienced a data security incident that involved personal and / or protected health information belonging to certain current and former patients and has provided notice of this incident to impacted individuals.
On August 1, 2023, VMRC became aware of unusual activity on its network environment. Upon discovering this activity, VMRC immediately took steps to secure their network and launched an investigation with the assistance of independent cybersecurity experts. The investigation subsequently revealed that certain personal information and personal health information was acquired without authorization on or about July 29, 2023. VMRC then engaged a third-party vendor to commence a review of the affected data to determine whether any sensitive data was involved and whether personal information may have been affected. On February 20, 2024, that review concluded and VMRC confirmed that certain personal information was involved. VMRC then took steps to notify impacted individuals of the incident as quickly as possible.
Based on the investigation, the affected information may have included names, Social Security numbers, taxpayer identification number, dates of birth, driver’s license numbers, username and password, biometric data, medical treatment and/or diagnosis information, and/or health insurance information. Please note that not all data elements were affected for all individuals.
As soon as the incident was discovered, VMRC took the steps referenced above. VMRC notified the Federal Bureau of Investigation and will provide whatever cooperation is necessary to hold the perpetrators accountable, if possible. VMRC also notified the U.S. Health and Human Services Office for Civil Rights and consumer reporting agencies of this incident. VMRC is also taking additional steps to prevent a similar event from occurring in the future.
VMRC is not aware of any evidence of the misuse of any information potentially involved in this incident. However, on April 19, 2024 VMRC mailed notice of this incident to potentially impacted individuals for which VMRC had identifiable address information. The notice sent to impacted individuals provided information about the incident and resources that potentially impacted individuals could utilize to protect their information including the opportunity to enroll in complimentary identity protection services through Cyberscout.
VMRC has established a toll-free call center to answer questions about the incident and to address related concerns. The call center is available Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Time (excluding major U.S. holidays) and can be reached at 1-833-538-8494. All affected individuals may qualify for complimentary identity protection services through Cyberscout. Individuals who have not received a notification letter must obtain verification of eligibility through the call center to enroll in services.
SOURCE Valley Mountain Regional Center