On August 29, 2018, Family Tree was the victim of a malware attack which may have affected your information. Read below to learn more about the attack and what you should so as a result:
On August 29th, 2018, Family Tree was the victim of a ransomware incident on our computer server. We were able to quickly restore the encrypted information and remove the malicious software from our computer systems. We informed our community partners who refer clients to us and also informed law enforcement. In addition, we retained an independent forensic investigation firm to determine the extent to which information was affected and assist in our response to this incident.
As part of the forensic analysis, we determined that unauthorized individuals gained access to certain folders on Family Tree’s server between June 1 and August 29, 2018. While theinformation stored in these folders varies by individual, it may have included name, date of birth, health identification number, and limited information about your health care services – including services our clients might need to receive, or have received, from their healthcare providers. There was no evidence that any information was removed from our servers or otherwise retained by the unauthorized individuals. Driver’s license numbers or social security numbers were NOT included in these files and were not affected by this incident. Further, we are not aware of any fraud or misuse of your information resulting from this incident.
Although our investigation did not identify any specific information that was viewed or removed from our systems, we suggest the following steps to monitor your information and protect yourself:
- Review your health records and billing information. If you see any services or bills for services that you did not receive, contact your provider office, IHN, or Family Tree Relief Nursery right away.
- Review your financial account statements to determine if there are any discrepancies or unusual activity listed. If you see anything you do not understand, call the financial institution immediately.
While Social Security numbers were not affected by this incident, as a general practice we recommend you periodically review your account statements and credit reports, and you should promptly report any suspicious activity or suspected identity theft to one of the three major credit reporting agencies (Equifax: 800-685-1111; Experian: 888-397-3742; and TransUnion: 800-888-4213), the proper law enforcement authorities, including local law enforcement, your state’s Attorney General, and/or the Federal Trade Commission (FTC). You may contact the FTC or your state’s regulatory authority to obtain additional information about avoiding and protection against identity theft: Federal Trade Commission, Consumer Response Center 600 Pennsylvania Avenue, NW, Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft.
In response to this incident, Family Tree Relief Nursery will be taking a number of steps designed to help prevent future incidents and protect your information, including:
- Conducting a thorough review of our physical, technical, and administrative security controls;
- Updating our privacy and security policies and procedures, and;
- Implementing new computer access policies.
As part of our commitment to you and your privacy, we sent letters to all individuals whose information was affected by the incident. However, if you did not receive a letter or if you have questions about the incident or whether your information was affected, call 1-888-299-1145.