PA: Indian Creek Foundation Provides notification ransomware incident

Indian Creek Foundation provides services to 1,200 youth and adults with intellectual disabilities and Autism. The following is a press release they have issued: SOUDERTON, Pa., Sept. 13, 2021  — On February 6, 2021, ICF discovered that portions of its computer network were infected with malware that encrypted certain systems. ICF promptly took the affected systems offline, initiated other containment measures, and with the assistance of third-party forensic specialists, launched an investigation into the nature and scope of the incident. The investigation confirmed that certain folders may have been accessed or removed from ICF systems without authorization on February 6, 2021. ICF therefore undertook a lengthy, time-intensive, and thorough review of the potentially impacted folders and its internal files and systems in order to identify the information that was potentially impacted and to whom it related. In conjunction with this review, on or about April 15, 2021, a third-party firm was engaged to programmatically and manually review the information at issue in order to identify impacted individuals and the types of data associated with those individuals. Concurrently, ICF internally reviewed its databases. and, on or about July 14, 2021, first determined that one or more of the potentially impacted folders included protected information related to individuals. ICF continued to diligently review and reconcile the information with its internal records in furtherance of identifying the individuals to whom the data related and the appropriate contact information for those individuals. Those efforts were completed on or around August 24, 2021, at which time ICF determined the scope of impacted individuals and the types of data associated with those individuals as a result of the extensive internal review. ICF thereafter worked to provide notification to potentially impacted individuals as quickly as possible. Although the information varies by individual, the involved ICF systems contained the following types of information at the time of the incident: name, Social Security number, driver’s license number, health insurance information, medical treatment/diagnosis information, and financial account information. Information security is one of ICF’s highest priorities. Upon discovering this incident, ICF took steps to respond. Further, ICF notified federal law enforcement regarding this event. Moreover, ICF is reviewing and enhancing existing policies and procedures and implementing additional safeguards to further secure the information in its systems and reduce the likelihood of a similar future event. ICF is also notifying relevant regulatory authorities as required. As an added precaution, ICF is offering complimentary access to credit monitoring and identity restoration services to potentially impacted individuals. Should individuals have questions regarding this event or wish to inquire as to their eligibility for the complimentary credit monitoring and identity restoration services, they may call ICF’s dedicated assistance line at 800-974-0685, which is available Monday through Friday, from 9:00 a.m. to 9:00 p.m. Eastern Time. Individuals may also write to ICF at 420 Cowpath Road, Souderton, PA 18964, or via email privacy@indcreek.org. ICF encourages individuals to remain vigilant against incidents of identity theft and fraud by reviewing account statements and explanation of benefits and monitoring free credit reports for suspicious activity. Read more of the press release on PR Newswire or on ICF’s web site.  DataBreaches.netRead More