Portland, OR – May 23, 2024 – Morrison Child & Family Services (“Morrison”) is notifying certain current and former clients that their personal information may have been accessed as part of cybersecurity incident. Morrison takes the privacy and security of information in its possession very seriously and sincerely apologizes for any inconvenience this incident may cause. This notice is intended to alert potentially impacted individuals of the incident, steps we are taking in response, and resources available to assist and protect individuals.
What Happened
Morrison recently experienced a network security incident that involved an unauthorized party gaining access to our network environment. Upon detecting the incident, we immediately shut off all access to the network and engaged a specialized third-party forensic incident response firm to assist with securing the network environment and investigating the extent of unauthorized activity. After comprehensive review of the data potentially impacted in this incident, which concluded on April 12, 2024, we determined an unauthorized third party may have acquired certain individual personal and health information during this incident. Morrison is providing written notice to all impacted individuals. Morrison has no reason to believe that any individual’s information has been misused as a result of this event. As of this writing, Morrison has not received any reports of misuse of information and/or related identity theft since the date the incident was discovered.
What Information Was Involved
Again, we found no evidence that patient information has been specifically misused. However, the following information was potentially exposed to an unauthorized third party: first and last name, address, phone number, date of birth, Social Security number, health insurance information, client identification number, Medicaid number, medication information, and treatment information. Notably, the types of information affected were different for each individual, and not every individual had all the above listed elements exposed.
What We Are Doing
Data security is one of our highest priorities. Upon detecting this incident we moved quickly to initiate a response, which included conducting an investigation with the assistance of IT specialists and confirming the security of our network environment. We have also reviewed and enhanced our technical safeguards to prevent a similar incident.