Penn-Mar Human Services Notifies Individuals of Data Security Incident

FREELAND, MARYLAND – Penn-Mar Human Services (“Penn-Mar”) has become aware of a data security incident that may have resulted in the unauthorized access to personal information, including health information. Although at this time there is no evidence of any attempted or actual misuse of anyone’s information as a result of this incident, we have taken steps to notify all potentially impacted individuals and to provide resources to assist them.

An unknown individual may have gained access to an employee’s email account through a phishing campaign. This unauthorized individual may have accessed records that contained personal information for current and former Penn-Mar patients. Penn-Mar quickly took action and prevented any further unauthorized access. Penn-Mar also retained a computer forensic company and conducted a detailed forensic investigation to determine what information may have been accessed. As a result of our investigation, on September 24, 2019, we discovered that your personal information, including your name, date of birth, Social Security number, and limited health information may have been disclosed.

We take the security of all information in our control very seriously and have taken steps to prevent a similar event from occurring in the future. Those steps include forcing all employees to change credentials, strengthening our cybersecurity posture by making changes to our email password policies, limiting or blocking inbox rules in Office 365 based on employee role, disabling legacy protocols, increasing training and awareness related to identifying fraudulent emails, and implementing multi-factor authentication office-wide.

We have established a toll-free call center to answer questions about the incident and related concerns. The call center is available Monday through Friday from 8:00 a.m. to 5:30 p.m., Eastern Time and can be reached at 1-866-841-5714. In addition, out of an abundance of caution, we are offering identity theft protection and credit monitoring services through Kroll to potentially impacted individuals at no cost.

The privacy and protection of personal information is a top priority for Penn-Mar, which sincerely regrets any concern or inconvenience that this matter may cause.

The following information is provided to help individuals wanting more information on steps they can take to protect themselves:

How do I obtain a copy of my credit report?

You can obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting agencies. To order your credit report, free of charge once every 12 months, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting agencies is included in the e-mail and letter, and is also listed at the bottom of this page.

How do I put a fraud alert on my account?

You may consider placing a fraud alert on your credit report. This fraud alert statement informs creditors to possible fraudulent activity within your report and requests that your creditor contact you prior to establishing any accounts in your name. To place a fraud alert on your credit report, contact Equifax, Experian or TransUnion and follow the Fraud Victims instructions. To place a fraud alert on your credit accounts, contact your financial institution or credit provider. Contact information for the three nationwide credit reporting agencies is included in the letter and is also listed at the bottom of this page.

Contact information for the three nationwide credit reporting agencies is as follows:

Equifax Security Freeze
PO Box 105788
Atlanta, GA 30348
1-800-685-1111
www.equifax.com

Experian Security Freeze
PO Box 9554
Allen, TX 75013
1-888-397-3742
www.experian.com

TransUnion (FVAD)
PO Box 2000
Chester, PA 19022
1-800-888-4213
www.transunion.com