i know some people may think I’m being too harsh, but really — almost 1.5 years from catching to notifications to people of a breach? Their response in terms of preventing more incidents seems reasonable, but the gap to figure out that notification was needed and then whom to notify seems too long. What will HHS or the state attorney general of westward Virginia do, if anything? here is the ERCC’s pressure release/notice: ELKINS Elkins Rehabilitation & aid center has become aware of a data security incident that may have resulted in unauthorized access to some resident and employee information. At this time, there is no evidence of any attempted or actual misuse of any personal information. However, ERCC is notifying, via first-class mail, any resident and employee whose information may hold been accessed in prescribe to provide details of the incident, ERCCs response to the incident, and provide resources to aid protect any residents and employees in the event they were affected. Continuing to maintain your combine is a whirligig priority at ERCC, and ERCC sincerely apologizes for any inconvenience or interest this incident may cause. in february of 2019, ERCC found evidence to intimate that a limited number of ERCCs employee email accounts may hold been inappropriately accessed. Upon discovery of this evidence, ERCC immediately notified its info technology team, who undertook an investigation and found evidence to suggest that malware infected several systems within ERCCs computer network between Feb. 4, 2019, and Feb. 7, 2019. ERCCs information technology team quickly moved to clean the infection, reset all users passwords, and identify the malware variant. Once ERCC determined that the variant of malware had the ability to extract emails, ERCC proceeded to engage an e-discovery expert to brushup the contents of the affected email accounts. On July 1, 2020, after a thorough and full lookup of the compromised accounts was completed, ERCC discovered that the affected email accounts may get contained information about some of its current and former residents and employees, including first and last names in combination with 1 or more of the following attributes: limited protected health information, Social Security numbers, and/or drivers permission numbers. Once again, ERCC has no evidence of attempted or actual misuse of anyones information as a consequence of this incident. Nonetheless, ERCC is informing its residents and employees of this incident out of an abundance of caution. In light of this incident, ERCC is offering complimentary identity theft restoration and credit monitoring services through Kroll to help protect any impacted current and/or former residents and employees for a certain period of time. ERCC encourages residents and employees who suppose their information may be at risk to phone (844) 929-2285 Monday through Friday, 9 a.m. to 6:30 p.m., EDT. ERCC takes the security of all info in its control seriously, and is taking steps to help prevent a similar event from occurring in the future. This includes but is not limited to (1) replacing the affected hard drives, (2) installing and updating anti-virus and anti-malware software on all ERCC computers, (3) providing ERCC staff with ongoing security awareness training, and (4) notifying government regulators where appropriate. Once again, ERCC sincerely regrets any inconvenience or concern that this matter may cause and remains dedicated to ensuring the privacy and surety of all information in its control.