- The L.A. Gay and Lesbian Community Services Center (LAGLCSC), which offers healthcare services such as HIV testing, pharmaceutical services, mental health and preventative health services, has begun notifying 59,000 clients that some of its information systems have been compromised by a criminal cyber-attack.
According to a sample notification letter from the LAGLCSC Privacy Officer George Gati to patients, the attack occurred between November 22, 2013 and December 3, 2013 and focused on clients’ Social Security numbers, credit card numbers and other financial information. Though Gati explained that he doesn’t believe any of the information has been compromised to date, names, contact information, medical or healthcare information, dates of birth, credit card information, Social Security numbers and health insurance account numbers were all potentially exposed as a result of the breach. The LAGLCSC investigation led Gati to believe the information was exposed from September 17, 2013 to November 8, 2013.
…upon learning of the potential of this incident, we promptly took the following actions: (i) curtailed the intrusion; (ii) hired numerous experts, including two leading national forensic investigation firms, to help us investigate the situation and determine the individuals and information potentially affected; and (iii) began the process of notifying potentially affected individuals. In addition, we have notified law enforcement and are taking steps to further guard against this type of criminal attack in the future.
Gati went on to offer affected clients the normal precautionary tips, such as reviewing financial statements, and tell them that LAGLCSC is offering a free year of credit monitoring through Experian.
“The center takes the privacy of our clients very seriously,” LAGLCS CEO Lorri L. Jean said, according to the Los Angeles Daily News. “After learning of this attack, we took immediate steps to further safeguard the information currently on our servers and, though no organization can ever be assured that its data is 100 percent protected, we are working with data security and technology experts to guard against future attacks.”
It’s unclear how the system was hacked and what LAGLCS can do to remedy the situation, but it looks as though it’s taking the breach seriously after hiring privacy experts and providing patients with credit monitoring.
PHIPrivacy.net also reported on the breach.