NOTICE OF DATA BREACH
The following contains important information about a cyberattack that potentially impacted the personal information of residents, patients, employees, and plan participants and their beneficiaries of North Hill Communities, Inc., North Hill Home Health Care, Inc., North Hill Needham, Inc., Connected for Life, Inc., and the North Hill Employee Dental Plan (collectively, “North Hill”).
WHAT HAPPENED
On December 26, 2023, North Hill detected a cybersecurity incident affecting certain systems in our network environment. North Hill immediately secured the network and engaged third party information technology and forensic specialists to assist with restoring systems and investigating the extent of the unauthorized activity. The forensic investigation revealed that an unauthorized party gained access to North Hill’s network on December 19, 2023. After a comprehensive forensic investigation and extensive document review, North Hill was able to determine that certain data, including personal information, from the affected systems was accessed or acquired by the unauthorized party.
WHAT INFORMATION WAS INVOLVED
Our forensic investigation is unable to conclude what specific information may have been accessed or acquired by the unauthorized party, so we are notifying you in the spirit of transparency. The information potentially involved may include your (or that of your relative, if you are the next of kin of one of our former residents) name and one (1) or more of either your date of birth (or date of death, as applicable), address, Social Security number, phone number, admission date, health insurance identification number, medical record number, treatment dates, financial account or bank account number, driver’s license number, claims information, and/or medical information.
WHAT WE ARE DOING
North Hill is taking steps to notify potentially impacted individuals of this incident to ensure transparency. In order to help protect your information, we have taken the following steps:
- North Hill will cover the cost for two years for potentially impacted individuals to receive credit monitoring from Cyberscout through Identity Force, a TransUnion company. To take advantage of this offer, please contact us at the number provided below;
- Added additional computer security protections and protocols designed to ensure that your personal information is protected from unauthorized access;
- Notified law enforcement of this incident;
- Notified the US Department of Health and Human Services, Office for Civil Rights, of this incident, as well as applicable Attorneys General and other regulatory agencies; and
- Notified the local media to ensure that all impacted individuals are aware of the incident.
WHAT YOU CAN DO
To help protect their identity, we recommend that potentially impacted individuals take immediate steps to protect themselves from potential harm:
- Register a fraud alert with the following credit bureaus; and order credit reports as follows:
- Experian: (888) 397-3742; https://www.experian.com/fraud/center.html; National Consumer Assistance, P.O. Box 9554, Allen, TX 75013
- TransUnion: (800) 680-7289; https://www.transunion.com/fraud-alerts; Fraud Victim Assistance Department, P.O. Box 2000, Chester, PA 19016-2000
- Equifax: (800) 525-6285; https://www.equifax.com/personal/credit-report-services/credit-fraud-alerts; Fraud Victim Assistance Department, Consumer Fraud Division, P.O. Box 740256, Atlanta, GA 30374
- Monitor account statements, Explanation of Benefit forms, and credit bureau reports closely.
If you think that your personal information is being improperly used, you can also contact local law enforcement to file a police report. Under Massachusetts law, individuals have the right to obtain any police report filed in regard to this event. Finally, you can contact the Federal Trade Commission (“FTC”) at 1-877-ID THEFT (877-438-4338) or review the information on identity theft promulgated by the FTC at www.ftc.gov/bcp/edu/microsites/idtheft/.
OTHER INFORMATION
For information about your health information privacy rights, you may visit https://www.hhs.gov/hipaa/for-individuals/index.html
FOR MORE INFORMATION
If you have any questions or concerns, please do not hesitate to contact our dedicated call center at 1-833-919-4779. The call center is available Monday – Friday 8:00 am – 8:00 pm Eastern time, excluding holidays.