Nearly 10,000 clients of Maryland-based Service Coordination Inc. (SCI) – a nonprofit organization that supports intellectually and developmentally disabled people – may have personal information at risk after an individual gained unauthorized access to SCI computer systems.
How many victims? About 9,700.
What type of personal information? Names, Social Security numbers, medical assistance numbers, Medicaid and Medicaid Waiver statuses and reasons, DDA direct service providers, and demographic and other information related to SCI case management services.
What happened? An individual “hacked” into SCI computer systems and gained unauthorized access to electronic files that contained the client data.
What was the response? SCI engaged a forensics consultant and took steps to prevent further access. Law enforcement was alerted, and the investigation resulted in the identification of a suspect. Affected individuals are being notified and offered a free year of identity theft protection services.
Details: SCI learned on Oct. 30, 2013, that an individual gained unauthorized access to its computer systems between Oct. 20, 2013, and Oct. 30, 2013. The Department of Justice required that SCI not alert impacted individuals, because doing so may impede the investigation. Law enforcement went to the alleged hacker's home and seized computer equipment and accounts. There has been no evidence of misuse of the client data.
Quote: “We continue our vigilant actions to safeguard the information of those who count on us for resource coordination services and we remain committed to supporting their needs,” John Dumas, executive director of service coordination, said in a notification posted to the SCI website.
Source: servicecoordinationinc.org, “Notification of Breach of Protected Health Information,” March 17, 2014.