Living Innovations Reports Data Breach Stemming from Phishing Incident

Console and Associates, P.C.

On August 5, 2022, Living Innovations confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on Living Innovations’ network. According to Living Innovations, the breach resulted in the names, health insurance or Medicaid information, Social Security numbers, and other information related to any services received at Living Innovations being compromised. Recently, Living Innovations sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Living Innovations data breach, please see our recent piece on the topic here.

More About the Living Innovations Data Breach

According to an official notice filed by the company, on June 7, 2022, Living Innovations detected unusual activity within several employee email accounts. In response, with the assistance of outside cybersecurity professionals, the company launched an investigation into the potential data security incident.

This investigation confirmed that an unauthorized party was able to access several employee email accounts between June 6, 2022 and June 14, 2022. Living Innovations believes that the cyberattack was designed to induce payment on a fraudulent invoice; however, the unauthorized party also had access to all client information contained within the affected email account.

After discovering that sensitive consumer data was accessible to an unauthorized party, Living Innovations then reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, health insurance or Medicaid information, Social Security number, and other information related to any services that you or your loved one received at Living Innovations.

On August 5, 2022, Living Innovations sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Living Innovations

Founded in 1996, Living Innovations provides services to individuals with long-term illnesses or developmental disabilities and children with health and behavioral needs. Living Innovations is based in Augusta, Maine, and has locations throughout New Hampshire, Maine, Rhode Island and Connecticut. In 2021, Living Innovations became a service of Mosaic, a larger organization that provides care for women and children experiencing disabilities. Living Innovations employs more than 473 people and generates approximately $88 million in annual revenue.

How Phishing Attacks Lead to Data Breaches

In the company’s letter to those impacted by the recent data breach, Living Innovations notes that “[t]o help prevent something like this from happening again, we strengthened our email security protocols and will provide additional training to our employees on how to detect and avoid phishing emails.” This seems to indicate that the breach was the result of a successful email phishing attack.

Email phishing is an increasingly common way for hackers to obtain sensitive consumer information. In 2022, many healthcare and related service providers have been the target of phishing emails. A phishing attack relies on principles of social engineering to get an employee to provide information to the hacker. Usually, this is done either by directly asking the employee for sensitive information, such as their login credentials, or by tricking the employee into downloading malicious software that infects the victim’s computer.

While it may seem like phishing emails would be easy to detect, that is not the case. For example, in 2021, 86 percent of U.S. companies reported that at least one employee clicked a phishing link. Not surprisingly, given their effectiveness, email-based phishing attacks are the most common type of cyberattack. According to the Identity Theft Resource Center, in 2021, phishing attacks made up a third of all U.S. cyberattacks.

Once a hacker has access to an employee’s email account, they also have access to any of the sensitive information stored in the account. Often, hackers leverage their position by locking the victim out of their device and threatening to release any stolen data to the dark web unless the victim organization pays a ransom. These are referred to as ransomware attacks, and while not every phishing email turns into a ransomware attack, many do.

Organizations have an obligation to safely maintain the consumer data in their possession. Those companies that are negligent in their handling of consumer data may be liable through a data breach class action lawsuit. Those impacted by a recent data breach should reach out to an experienced data breach lawyer to learn more about their rights.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising
