Willamette Family Data Breach Exposes Sensitive PII and PHI

On September 12, 2024, Willamette Family became aware of unauthorized access to one of its email accounts. Upon further investigation, the organization discovered that additional email accounts had also been compromised, with the unauthorized activity potentially dating back to May 29, 2024.

The breach involved unauthorized individuals gaining access to sensitive information stored within these compromised email accounts. The types of personally identifiable information (PII) and protected health information (PHI) exposed include names, contact information, dates of birth, Social Security numbers, financial account information, medical record numbers, patient account numbers, medical provider names, clinical or treatment information, medical procedure details, health insurance information, and prescription information.

At this time, Willamette Family has not reported any known cases of fraud or identity theft resulting from this incident. However, due to the sensitive nature and broad scope of the information involved, affected individuals should remain vigilant and regularly monitor their financial and medical accounts for suspicious activity.

What happened?

On September 12, 2024, Willamette Family discovered unauthorized access to one of its employee email accounts. After investigating further, the organization determined that multiple email accounts had been compromised, with unauthorized access potentially starting as early as May 29, 2024.

The breach occurred when unauthorized individuals gained access to these email accounts, potentially viewing or extracting sensitive personal and medical information stored within emails and attachments. The exact method used to compromise these email accounts has not been publicly disclosed.

For more detailed information, you can review the official disclosure notice posted on the Vermont Attorney General's website.

Willamette Family's response

Following the discovery of the breach, Willamette Family immediately took steps to secure its systems. The organization promptly removed unauthorized access, changed passwords, and expanded the use of multi-factor authentication to prevent further unauthorized access.

Willamette Family engaged a leading privacy and data security firm to assist with the investigation and response. A forensic data analysis was conducted to determine the scope of information potentially impacted by the breach.

To assist those affected, Willamette Family has provided detailed guidance on how individuals can protect themselves from identity theft and fraud. The organization recommends that affected individuals remain vigilant by regularly monitoring their financial statements and credit reports for suspicious activity. Affected individuals can obtain free annual credit reports from AnnualCreditReport.com and may consider placing fraud alerts or security freezes on their credit files.

If you have questions or require additional assistance, Willamette Family has established a dedicated call center at (888) 686-4575, available Monday through Friday from 9:00 a.m. to 7:00 p.m. Eastern Standard Time.

For more information, you can visit the organization's official Notice of Data Incident.