Mosaic recently announced, on Oct. 16, it discovered client information was in an email account of an employee who had fallen victim to an email phishing scam on an unknown date.
Mosaic has taken actions to secure the email account and law enforcement has been notified. Phishing is an email scam that seeks to acquire information by masquerading as a trustworthy entity in an electronic communication. These email scams have become increasingly convincing and sophisticated in recent years.
During its investigation, Mosaic discovered other Mosaic employees had been deceived by a similar phishing email scam. All affected email accounts were secured and passwords were changed.
Mosaic undertook a comprehensive review of the affected email accounts and confirmed they contained client information used by Mosaic for administrative purposes and may have included clients’ names, dates of birth, addresses, telephone numbers, birth certificates, driver’s licenses or government–issued identification cards, medical record numbers, insurance identification numbers, insurance/client payments, Medicaid and Medicare numbers, limited clinical information, which may include, but is not limited to, incident reports, diagnoses, procedures, prescription information, and, in some instances, Social Security numbers and financial account information.
“After discovering the incident, we acted quickly to engage law enforcement and notify and protect all individuals who may have been affected,” said Linda Timmons, president and chief-executive officer. “At this time, all evidence suggests that the main target of this scam was the financial information of Mosaic and not information related to our clients.”
Approximately 3,857 clients are being notified, and eligible clients will be offered free credit monitoring and identity theft protection.
Mosaic continues to work with law enforcement to apprehend the suspects. To prevent a similar incident from happening in the future, Mosaic is conducting a comprehensive review of its information security practices and procedures, as well as re-educating employees regarding online security awareness.
For more information, please visit: www.mosaicinfo.org/phishing.
Mosaic provides disability support services to more than 3,700 people through programs in 10 states. Services are tailored to meet individual needs and goals, and range from residential and medical services through job coaching and teaching independent living skills.