July 6, 2017
SAN JOSE, CA–White Blossom Care Center (“White Blossom”) announced today an incident that resulted in the exposure of certain resident information at its facility in San Jose, Calif. It is important to note that, based on the available information, we have no specific evidence that any potentially exposed data has been used inappropriately.
We recently received a report that a former White Blossom employee had improperly acquired resident data while employed at the facility. We immediately engaged an independent technical security expert to investigate and contacted state and federal law enforcement; we have continued to work closely with them on their investigation.
What information was involved.
Based on the available information, we believe data relating to approximately 800 residents may have been inappropriately acquired by the former White Blossom employee. We do not know when this took place. We currently believe that a limited number of the inappropriately acquired files contained some combination of resident names with social security numbers, dates of birth, health insurance carrier and account numbers, and/or limited medical information, such as admission dates, diagnoses, medications, and/or procedures. It is important to note that, based on available information, no bank account numbers or any other financial information is impacted.
What we are doing.
We recognize the trust that our residents place in us and have committed ourselves to taking steps to prevent this type of incident from happening again. Although our data systems have always contained safeguards to protect personal information, we are enhancing data security by resetting employee computer user accounts and passwords and reconfiguring our computer systems to further limit access to already-restricted sensitive resident data. We will continue to work with our independent technical expert to ascertain if additional improvements can be made. Additionally, although we have no specific evidence that any potentially exposed data has been used inappropriately, we are offering identity theft protection services to affected individuals in an abundance of caution.
What you can do.
The social security number of a limited number of individuals affected by this incident may have been exposed, and we therefore recommend that, in addition to enrolling in the services outlined above, you place a fraud alert on your credit files. A fraud alert requires potential creditors to use “reasonable policies and procedures” to verify your identity before issuing credit in your name. This fraud alert will automatically renew every 90 days. You can place a fraud alert by calling one of the three credit reporting agencies at the telephone number provided below. The company you call should contact the other two credit reporting agencies, so you should be able to place an alert with all three agencies through a single phone call. You will receive letters from all three agencies, confirming the fraud alert and letting you know how to obtain a free copy of your credit report from each agency. If you do not receive a letter from each agency, you may choose to contact the additional agencies to place individual fraud alerts.