November 19, 2021
Episcopal Retirement Services (“ERS”), an organization serving older adults with a focus on improving lives through innovative, quality senior living communities, and through community services throughout Ohio, Kentucky, and Indiana, announced today that it is notifying certain individuals whose information may have been involved in recent data security incidents. Episcopal Retirement Services is committed to keeping the community informed, communicating about the steps it is taking toward resolution, and ensuring impacted individuals have the tools they need to minimize the impact of the incident.
On or about September 24, 2021, Episcopal Retirement Services discovered that they were the victim of a cyber-attack that impacted its systems and servers. At that time, ERS’s technology team acted quickly to restore and secure its systems. However, on October 22, 2021, Episcopal Retirement Services experienced a ransomware attack. At this time, ERS learned that the September incident was also a ransomware attack. ERS immediately engaged independent third-party cybersecurity experts to assist in the remediation and investigation and contacted the FBI. Further, Episcopal Retirement Services followed the guidance set forth by the FBI and are actively working on remediation and restoration of all its systems.
The investigation is ongoing, but Episcopal Retirement Services believes that the unauthorized individual could have potentially obtained or accessed protected personal health information. With this said, as of the date of this release, Episcopal Retirement Services has no evidence indicating that any information has been misused.
The types of protected health information potentially involved include first and last names, addresses, names, gender, home addresses, phone numbers, dates of birth, and social security numbers. It may also include medical diagnoses, health care provider names, insurance numbers, and Medicare numbers.
Further, Episcopal Retirement Services is notifying those potentially impacted by this incident by mail (if possible) and providing steps that can be taken to protect their information, including complimentary identity monitoring and protection services. Episcopal Retirement Services recommends that these individuals enroll in the services provided and follow the recommendations contained within the notification letter to increase the likelihood that their information remains protected. If you believe that your information was involved and want to know more about these services, please contact the 1-800-405-6108 created by ERS, Monday through Friday, 8:00 a.m. to 8:00 p.m. (EST).
The security and privacy of the information contained within our systems is a top priority for us. In response to this incident, we are implementing additional safeguards to our existing cybersecurity infrastructure and enhancing our employee cybersecurity training. Further, we are working with our external legal and cybersecurity experts to improve our cybersecurity policies, procedures, and protocols to help minimize the likelihood of this type of incident occurring again.
“We were upset to learn that we were one of thousands of organizations dealing with these types of incidents,” explained Laura Lamb, CEO of Episcopal Retirement Services. “We take the security and privacy of the information contained in our systems with the utmost seriousness. We are fully committed to protecting the information of our staff, current residents, and residents we have served in the past. We apologize for the inconvenience this incident caused. We truly thank the community, the entire Episcopal Retirement Services family, and all of our partners for the continued support and understanding during this incident.”
Episcopal Retirement recommends that individuals remain vigilant by closely reviewing their account statements and credit reports as a precautionary measure. In addition, Episcopal Retirement strongly advises that the account holder promptly notify the financial institution or company that maintains the account if any suspicious activity is detected. Further, individuals should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, including their state attorney general and the Federal Trade Commission (FTC). To file a complaint or to contact the FTC, you can (1) send a letter to the Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580; (2) go to IdentityTheft.gov/databreach; or (3) call 1-877-ID-THEFT (877-438-4338). Complaints filed with the FTC will be added to the FTC’s Identity Theft Data Clearinghouse, a database made available to law enforcement agencies.
For more information about tips to protect from identity theft, please visit www.episcopalretirement.com