vz-risk / VCDB

VERIS Community Database

Fred Hutchinson Cancer Center Notice of Data Security Incident #19121

Open swidup opened 1 year ago

swidup commented 1 year ago


Seattle Cancer Care Alliance, which is now known as Fred Hutchinson Cancer Center, announced that on or about March 26, 2022, Fred Hutch identified suspicious activity associated with one (1) employee’s business email account. Fred Hutch immediately terminated any access to the account, and forced a credential reset to eject any suspected unauthorized individuals from the account. Fred Hutch also engaged a leading forensic security firm to further investigate and to confirm the security of its email and computer systems. The forensic investigation concluded on or about April 18, 2022 and determined that an unauthorized third party gained access to the Account between March 25 and March 26, 2022. Fred Hutch has notified law enforcement, as well as state and federal regulators of the incident. As part of its investigation, Fred Hutch reviewed the account’s contents to determine if it contained any personal information and, on September 9, 2022, determined that it contained personal information for some of its patients. The information in the email account varied by individual but included certain individuals’ names, addresses, Social Security numbers, driver’s license, passport numbers, military or other government ID numbers, dates of birth, financial account information, medical information, and/or health insurance information.

To date, there is no indication of any identity theft or fraud occurring as a result of this incident; however, as a precautionary measure, Fred Hutch is notifying potentially involved individuals directly via physical mail.

Fred Hutch has committed to taking steps to help prevent a similar incident from occurring again, including reviewing its technical controls, policies, and procedures. Fred Hutch recommends that individuals remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing their account statements, monitoring their credit reports closely, and notifying their financial institutions if unusual activity is detected. Fred Hutch also recommends that individuals promptly report any fraudulent activity or suspected identity theft to proper law enforcement authorities, including the police and their state’s attorney general. Individuals may also wish to review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). Individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

Fred Hutch apologizes for any inconvenience this incident might cause. Individuals seeking additional information may call a confidential, toll-free inquiry line at (855) 532-1265 from 6:00 a.m. to 3:30 p.m. Pacific Time, Monday through Friday (excluding some U.S. holidays).

swidup commented 7 months ago

Now the data victims are being blackmailed. https://www.kiro7.com/news/local/seattle-cancer-patients-face-blackmail-threats-after-recent-fred-hutch-data-breach/BCLXFK66DRAEDMRPMVBCUVOUDI/

swidup commented 6 months ago

and threatened with swatting https://www.govinfosecurity.com/cybercriminals-bully-cancer-patients-swatting-threat-a-24075