A hacker's malware program could have jeopardized the personal information of about 7,300 current and former senior-living residents of Lutheran Social Services of South Central Pennsylvania.
Technology workers performing routine monitoring in March discovered the intrusive software program had been placed on a system used by the organization, which has four senior living locations in York, said corporate spokeswoman Crystal Hull.
There's no evidence that information about the senior residents living at its facilities was accessed, but there's also no evidence that it wasn't. There have been no reports of identity theft or other suspicious activities reported, she said.
The organization has notified all potentially affected people and is now alerting the general public about the security breach, she said.
Personal information that may have been compromised includes residents' names, dates of birth, social security numbers, Medicare numbers, health insurance numbers and payor names and medical diagnosis codes.
LSS recommends that all individuals who may have been impacted protect themselves from any potential harm by:
- obtaining a personal credit report and checking for unrecognizable medical bills or suspicious activity. Credit reports can be obtained from the three credit reporting agencies by calling 877-322-8228 or visiting www.annualcreditreport.
- regularly reviewing the explanation of benefits statement issued from insurance providers. Contact the insurance provider if it lists any service the inidividual did not receive, and
- considering purchasing an identity theft protection service.
Upon discovering the malware, staff immediately engaged the services of an outside expert, a forensic analyst to determine where the firm's malware protection went wrong, she said.
The organization enhanced its electronic security, updating malware protection, Hull said. The hacker has not been identified. LSS is discussing further actions, including possible police involvement.