California-based Elderly Care Company Warns of Data Breach

Covent Care California, a company specialized in healthcare and rehabilitation for the elderly, has issued a data breach notice to warn current and former patients that unauthorized individuals have accessed their data and may have stolen it.

Although the notice was filed with the Attorney General of Massachusetts on Aug. 29, 2024, the company says that the data security incident occurred around Nov. 14, 2023.

This means that the facility took nearly 10 months to start notifying individuals whose personally identifiable information (PII) was potentially compromised by threat actors.

“Covenant Care recently became aware of an incident in which an unauthorized individual(s) gained access to certain files on Covenant Care’s network which contained certain personal information about patients and other individuals,” Covenant Care’s notice reads. “On or about November 14, 2023, Covenant Care identified suspicious activity related to certain systems within its computer network. In response, Covenant Care promptly took steps to secure its systems and began an investigation into the activity.”

While Covent Care continues to engage in its fact-finding mission to determine the exact number of impacted individuals and specific exfiltrated data specific to each patient, the notice says that stolen files may include:

- Names and dates of birth

- Medical and/or health insurance information associated with diagnosis or treatment data claims and billing information

- Social Security Numbers and financial account or credit/debit card numbers

- Driver’s license or state/federal identification number

Given the sensitive nature of the potentially compromised patient data, Covenant Care says it will offer free access to credit-monitoring and identity-theft-restoration services.

What can individuals whose Social Security Numbers, IDs and financial and health information were compromised in a breach?

We recommend individuals to take immediate strategic steps to protect themselves from identity theft, fraud and other harms following theCovent Care California data breach or other similar security incidents, including:

1.Closely monitor accounts: Regularly check your bank and credit card statements for unauthorized transactions. You can also get free copies of your credit reports from major credit bureaus (Equifax, Experian, and TransUnion) to review for unfamiliar accounts or inquiries.

2. Place a fraud alert: A fraud alert warns creditors to take extra steps to verify your identity before extending new credit. You only need to place a fraud alert with just one of the major credit bureaus, and they will notify the other two.

3. Consider a credit freeze: This will restrict access to your credit report, making it harder for identity thieves to open accounts in your name. However, this needs to be done individually for each credit bureau.

4. Enroll in identity theft protection services: Use the identity theft protection services provided freely by the company.

If no such benefit is provided, consider opting for Bitdefender Identity Theft Protection, our comprehensive identity theft protection service that continuously monitors your identity, privacy and credit status to notify you immediately if you are at risk. You also benefit from complete identity restoration services and insurance, depending on your chosen plan.

5. Report identity theft: If you suspect your information has been misused, report it to the Federal Trade Commission (FTC) at IdentityTheft.gov and local police.

6. Monitor Your Health Records: If health information is compromised, keep an eye on your medical records for signs of fraud, such as unfamiliar treatments or procedures, and immediately notify your healthcare provider if you notice any discrepancies.

You can read more about medical identity theft and how to protect your health information in our dedicated articles:

- How to Protect Your Health Data in Case of a Breach

- What is medical identity theft and how to protect against it

- Has Your Health Information Been Exposed? Take These Critical Next Steps

7. Secure your online accounts: Update the passwords for your online accounts, especially those linked to sensitive financial and personal information. Use strong, unique passwords and enable two-factor authentication (2FA) where possible.

9. Be vigilant against phishing scams: After a breach, cybercriminals may use compromised information to target victims with scam emails, texts or phone calls. Be cautious about sharing additional information and verify the identity of anyone requesting your details.

For more tips and tricks on how to protect against scams and phishing read:

- Email Scams: How to Spot, Avoid and Report Them

- Phishing Scams: How to Identify and Avoid Them

If you suspect someone is trying to scam you, check it out with Bitdefender Scamio, our AI-powered scam detection tool. Send any texts, messages, links, QR codes, or images to Scamio, which will analyze them to determine if they are part of a scam. Scamio is free and available on Facebook Messenger, WhatsApp, and your web browser. You can also help others stay safe by sharing Scamio with them in France, Germany, Spain, Italy, Romania, Australia and the UK.

Worried about data breaches and leaks involving your personal data?

Has your data been part of a data breach or leak? Use Bitdefender’s Digital Identity Protection for:

- Instant Alerts: You can immediately react to data breaches and privacy threats and take swift action to prevent damage, such as changing passwords, via one-click action items.

- Real-time monitoring: The service continuously scans the internet and dark web for your personal information. You will receive alerts whenever your data is involved in a breach or leak.

- Peace of mind: This service immediately flags suspicious activity and actively monitors personal information for peace of mind.

- A 360° view of all your personal data: See your digital footprint, including traces from services you no longer use but that still have your data, and even send requests for data removal from service providers.