Aveanna Healthcare Provides Notice of Email Incident

EMPTY

|Feb 15|magazine9 min read

ATLANTA, Feb. 14, 2020 /PRNewswire/ -- Aveanna Healthcare ("Aveanna") is providing notice of a recent incident that may impact certain patients and employees.  While Aveanna is unaware of any attempted or actual misuse of this information, notice is being provided to potentially affected individuals, as well as certain state and federal regulators. 

On August 24, 2019, Aveanna became aware of suspicious activity relating to a number of its employees' email accounts.  Aveanna took steps to secure the email accounts and began working with outside computer forensics experts to determine the nature and scope of the activity.  The investigation determined that an unknown actor accessed certain employee email accounts between July 9, 2019 and August 24, 2019.  Unfortunately, the investigation was not able to determine if any email or attachment was actually accessed or viewed. 

With the assistance of third-party experts, a comprehensive review of the contents of the impacted email accounts was performed to identify any personal information that could have potentially been viewed or acquired by the intruder. Once this exhaustive review was complete, Aveanna worked to confirm the impacted individuals to whom that information related and their address.  On December 19, 2019, Aveanna determined that information for certain patients and employees may have been accessible within the email accounts involved in this event.  

The investigation determined the impacted email accounts contained some combination of the following types of information for certain individuals at the time they were subject to unauthorized access: Social Security Number, Date of Birth, Employee Identification Number, Bank/Financial Account Number, Credit/Debit Card and CVV and Expiration Date, Passport Number, Driver's License, Username and Password, Medical Record Number, Patient Account Number, Diagnosis Information, Treatment Type and Location, Doctor Name, Health Insurance Information, Billing/Claims Information, Medicare/Medicaid ID Number, and Prescription/Medication Information.   At this time, Aveanna is unaware of any actual or attempted misuse of any personal or protected health information relating to this incident.

In addition to notifying those whose information may have been accessible, Aveanna is establishing a dedicated call center to assist with questions.  Aveanna is also offering credit monitoring and identity theft restoration services to those who may be impacted. Affected individuals are being provided with information regarding steps they can take to place a credit freeze or fraud alert on their credit file. For further information, affected individuals may contact our call center at 866-977-0742, Monday through Friday, 9 am to 9 pm Eastern Time, excluding national holidays.

In response to this event, Aveanna immediately changed the credentials for the involved email accounts and have since implemented additional security measures for all employee email accounts and access to Company systems including requiring multi-factor authentication. 

Aveanna takes information privacy and security matters extremely seriously and will remain vigilant in its efforts to safeguard and protect patient and employee information, while taking any additional steps that may be necessary to mitigate and remediate this incident.

Cision View original content:http://www.prnewswire.com/news-releases/aveanna-healthcare-provides-notice-of-email-incident-301005084.html

SOURCE Aveanna Healthcare