Published on

Security Incident - II

Authors
  • avatar
    Name
    Steve Manning
    Twitter
fb

Independent Living Systems, LLC, a Florida Blue vendor that provides care management and nutrition support services to our members enrolled in Medicare Advantage and Dual Eligible Special Needs Plan products, experienced a data security incident that may have impacted some of these members

Independent Living Systems notice (https://ilshealth.com/supplemental-data-notice/)

March 14th, 2023

Independent Living Systems, LLC (“ILS”), which is a business associate to its covered entity subsidiaries Florida Community Care LLC and HPMP of Florida Inc. d/b/a Florida Complete Care, is issuing supplemental notice of a data event that may impact the privacy of certain individuals’ personal and/or protected health information (“PHI”). ILS is also issuing notification to impacted individuals as a direct provider of services and on behalf of certain data owner clients and covered entity health plans. We are providing updated information about the event and our response. We are unaware of any identity theft or fraud resulting from this event. We are providing this supplemental notice out of an abundance of caution.

What Happened?

On July 5, 2022, we experienced an incident involving the inaccessibility of certain computer systems on our network. We responded to the incident immediately and began an investigation with the assistance of outside cybersecurity specialists. Through our response efforts, we learned that an

unauthorized actor obtained access to certain ILS systems between June 30 and July 5, 2022. During that period, some information stored on the ILS network was acquired by the unauthorized actor, and other information was accessible and potentially viewed. Upon containing the incident and reconnecting our computer systems, we conducted a comprehensive review to understand the scope of potentially affected information and identify the individuals to whom such information relates. We received the results of this review on January 17, 2023, and then worked as quickly as possible to validate the results and provide notice to potentially impacted individuals and affiliated data owners, as required under applicable law and contract.

What Information was Affected?

The types of impacted information varies by individual and could have included: name, address, date of birth, driver’s license, state identification, Social Security number, financial account information, medical record number, Medicare or Medicaid identification, CIN#, mental or physical treatment/condition information, food delivery information, diagnosis code or diagnosis information, admission/discharge date, prescription information, billing/claims information, patient name, and health insurance information.

What We Are Doing.

We take this incident and the security of information entrusted to us very seriously. In response to the incident, we promptly took steps to mitigate any risk of compromise to information and better prevent a similar event from reoccurring. These actions included: (1) fortifying the security of our

firewall; (2) utilizing the forensic specialists engaged to monitor our network and remediate any suspicious activity identified; (3) rotating and increasing the complexity of all users’ credentials, and (4) providing notification to potentially affected individuals as quickly as possible. We are also enhancing our existing training protocols and other internal procedures that relate to data protection and security. In accordance with best practices, we encourage you to review your account statements, explanations of benefits, and credit reports carefully for unexpected activity and to report any questionable activity to the associated institutions immediately.

Additionally, we previously notified potentially affected individuals on September 2, 2022 by posting a preliminary notice of this data event on our website. We also provided preliminary notice to our primary state and federal regulators. Now that our review and validation efforts are complete, we are notifying potentially affected individuals via posting this supplemental notice on our website, providing notice to the media, and mailing letters to potentially affected individuals for whom ILS has address information. ILS is also providing supplemental notice to its primary state and federal regulators, initial notice to certain additional state regulators (as required), and initial notice to the three major consumer reporting agencies

(i.e., Equifax, Experian, and TransUnion).

What Affected Individuals Can Do.

We encourage potentially affected individuals to remain vigilant against incidents of identity theft and fraud by reviewing their account statements, explanations of benefits, and credit reports carefully for unexpected activity and to report any questionable activity to the associated institutions immediately. Additional information can be found below in the Steps You Can Take to Protect Information.

For More Information.

For individuals seeking additional information regarding this event, a toll-free assistance line has been established. Individuals may call 800-906-7238 toll-free Monday through Friday from 8 am – 10 pm Central, or Saturday and Sunday from 10 am – 7 pm Central (excluding major U.S. holidays). Be prepared to provide your engagement number B086938. You may also write to ILS at P.O. Box 667955, Miami, FL 33166.