Cyber Incident Victim: Alive Hospice

Alive Hospice experienced email phishing events impacting employee email accounts, with initial unauthorized access occurring on or around December 20, 2017, and April 5, 2018. The organization responded to these incidents by promptly changing the affected user's passwords as a precautionary measure, though initial investigations found no evidence of personal information compromise. During a routine email system review on May 15, 2018, Alive Hospice discovered ongoing unauthorized activity in the employee's account that potentially exposed sensitive data. This triggered a comprehensive investigation with third-party forensic experts to determine the incident's scope and nature. The forensic analysis confirmed unauthorized actors had accessed two employee email accounts, with the first breach dating back to December 2017 and the second beginning in April 2018.

The investigation revealed that compromised emails contained extensive personal information including names, dates of birth, Social Security numbers, passport details, driver's license numbers, financial account information, medical histories, treatment records, health insurance details, and digital authentication credentials like passwords and security questions. While Alive Hospice found no evidence of actual or attempted misuse of the exposed data, they initiated notification procedures on July 13, 2018, mailing letters to potentially affected individuals. The organization offered complimentary credit monitoring and identity restoration services for one year to impacted parties. Alive Hospice enhanced existing security protocols despite having prior safeguards, reported the breach to the U.S. Department of Health and Human Services and state regulators, and established a dedicated assistance hotline for victim inquiries. Notification materials included guidance for monitoring credit reports and contacting major credit bureaus along with federal and state resources for identity theft protection.