Community Research Foundation (CRF) recently faced a significant data breach involving personal and protected health information, impacting 30,057 individuals. The breach, identified as a “Hacking/IT Incident,” prompted CRF to promptly notify the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) and affected individuals. Upon discovery of the breach on October 13, 2022, CRF swiftly secured its digital environment and engaged external cybersecurity experts to investigate the incident thoroughly.
Following the investigation, it was revealed that unauthorized access had occurred within CRF’s systems, potentially compromising sensitive data such as names, Social Security numbers, driver’s license numbers, dates of birth, and medical information. CRF undertook a comprehensive review to identify affected individuals and data elements, subsequently notifying impacted individuals via postal service on June 28, 2023. Additionally, CRF established a toll-free call center to address inquiries and provide support resources to those affected by the breach.
Despite the breach’s impact, CRF emphasized its commitment to prioritizing the privacy and protection of individuals’ personal and health information. The swift response and transparent communication underscored CRF’s dedication to mitigating the breach’s effects and ensuring accountability for safeguarding sensitive data. This incident serves as a reminder of the ongoing importance of robust cybersecurity measures and proactive efforts to protect against data breaches in today’s digital landscape.
