Massachusetts care provider MVES says hackers stole the data of about 90,000 patients

Malden, Massachusetts-based non-profit care provider Mystic Valley Elder Services said that the data security incident it suffered earlier this year compromised the sensitive personal information of almost 90,000 individuals.

 

In a notice of data security incident posted on its website, Mystic Valley Elder Services, known as MVES, said that on April 5, it identified unauthorised access to certain internal systems. The care provider immediately launched an investigation, with assistance from eternal cyber security experts, to determine the nature and scope for the incident.

 

“The forensic investigation confirmed that the third party accessed MVES’ computer systems on April 5, 2024, and that certain files may have been acquired from MVES’ systems as part of the incident,” it said.

 

“MVES reviewed the files to determine if they contained any personal information. The file review concluded on July 11, 2024, and MVES found that the files contained personal information.”

 

The compromised data included patients’ names, dates of birth, passport numbers, taxpayer identification numbers, financial account numbers, payment card numbers, online credentials, Social Security numbers, driver’s license numbers, health insurance information, and medical information.

 

MVES reported in a regulatory filing with the Office of Attorney General of Maine that at least 87,236 individuals were impacted by the incident.

 

MVES added that it had notified relevant law enforcement authorities and worked with them to resolve the incident. Also, it took protective measures including strengthening its internal network to avoid similar incidents from occurring in the future.

 

While MVES found no evidence of the compromised information being misused, it has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

The organisation has also offered one year of complimentary identity protection and credit monitoring services through Experian IdentityWorks to all affected individuals.