Notice of Data Breach Alpharetta, Georgia August 30

Notice of Data Breach Alpharetta, Georgia August 30, 2022 CorrectHealth ("CH") recently experienced a data security incident that may have resulted in an unauthorized access to some individuals' sensitive personal information. This notice is intended to alert those individuals of the Incident, steps we are taking in response, and resources available to help you protect against the potential misuse of your information. What Happened? On November 10, 2021, CH discovered an unauthorized user potentially had access to CH employee email accounts. Upon detection of this incident, CH promptly engaged a specialized third-party forensic firm and conducted a forensic investigation to determine the nature and scope of the incident. The investigation, which concluded on January 28, 2022, found that some individuals' information may have been affected by this incident. CH immediately began a thorough review of their systems, and from March to July, 2022, engaged a third party to analyze the specific files that were compromised during this data security incident in order to determine the specific information disclosed and to identify the potentially impacted individuals. What Information Was Involved? Although CH has not received any reports of related identity theft since the date of the incident, we are notifying you out of an abundance of caution and for purposes of full transparency. Based on the investigation, the following information related may have been subject to unauthorized access: name, address, Social Security number, Driver's License number, passport number, financial account information, and/or limited medical information. What We Are Doing? Since the discovery of the incident, CH moved quickly to investigate, respond, and confirm the security of the information in our control. Further, CH took steps and will continue to take steps to mitigate the risk of future harm. Specifically, CH cooperated with the FBI as part of a larger investigation into the threat group responsible, issued a company-wide password reset for all employees, employed an advanced phishing service for CH's email tenant, began putting disclaimers on all externally received emails, implemented Multi-Factor Authentication for all administrative staff, began rolling out a Single Sign On solution for clinical staff, and effected weekly data security and monthly simulated phishing training for all employees. In light of the incident, we are also offering credit monitoring and identity theft protection services for all potentially affected individuals. What You Can Do: We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious or unauthorized activity. Additionally, security experts suggest that you contact your financial institution and all major credit bureaus to inform them of such a breach and then take whatever steps are recommended to protect your interests, including the possible placement of a fraud alert on your credit file. Please review the enclosed Additional Steps You Can Take to Help Protect Your Information, to learn more about how to protect against the possibility of information misuse. If you believe that CH may have had your personal information in connection with this Incident, please call 1-833-764-2930 to obtain more information or a code to register for complimentary credit monitoring and identity theft protection services. Again, at this time, we have not received any reports of related identity theft since the date of the Incident. Other Important Information: We recognize that you may have questions not addressed in this notice. If you have additional questions, please call 1-833-764-2930 Monday through Friday, 9:00 A.M. to 9:00 P.M. Eastern Time. CH sincerely regrets any inconvenience or concern that this matter may cause, and remains dedicated to ensuring the privacy and security of all information in our control. Sincerely, Stacy M. Scott, Esq. Chief Legal Officer CorrectHealth Companies 8-30-22