Date: March 28, 2023
We regret to inform you that we, and those we serve and care for, have been a successful target of a data incident. This incident does impact Care Team members, current and former, and Residents, current and former. Impacted individuals will receive additional notice in the coming days via mail. We are working with leading digital forensics to confirm what information was compromised and the severity of the risk. We have already begun to take additional steps to strengthen our technology by improving policy and practices to provide further protection against future attacks. For any questions, please be made aware that you can call toll free, (888)-397-0071 with engagement number B088543 or email at Security@MajesticCare.com to address any questions or issues. Delivery of exceptional, quality care remains our focus and we sincerely apologize for any inconvenience caused.
What Happened
On December 13, 2022, we first learned of a security incident that disrupted access to Majestic Care information systems (the “Incident”). The disruption to Majestic Care information systems lasted from December 13, 2022 until access was restored on or about December 16, 2022. Upon discovery of the Incident, Majestic Care immediately engaged a trusted third-party forensics firm to assist in ending the disruption to Majestic Care information systems as well as understanding the scope and impact of the Incident. Based on our investigation, we learned that the attack was made possible by an unauthorized individual through malicious software on our internal systems and that the initial instance of unauthorized access began on December 9, 2022. We have worked with our third-party forensics firm to secure all systems, remediate any risks, and successfully and securely bring our systems back online, while adopting additional technical and organizational tools to address system vulnerabilities. On February 3, 2023, Majestic Care learned that in addition to the disrupted access to Majestic Care information systems, the Incident may have also resulted in the unauthorized access, viewing, or removal of protected health information from our systems. Once aware of the Incident and its potential impact on personal information, we began analyzing the impacted files to better understand what personal information was potentially at risk, and we began to provide notice to individuals and governmental authorities, as applicable.
What Information Was Involved
Although Majestic Care has confirmed unauthorized access to its information systems between December 9, 2022 and December 16, 2022, there is no conclusive evidence that the intruder has used or disclosed any of the accessible personal information. At this point in our investigation, we can neither confirm nor deny that any personal information was successfully exfiltrated by the intruder. In an abundance of caution, we are informing the public that the intruder may have accessed, viewed, or removed from our systems the following categories of protected health information: first and last name; mailing address; date of birth; telephone number; driver’s license number; Social Security number; and information related to healthcare payment and treatment.
What We Did and What We Are Doing
Upon learning of the Incident, we immediately took protective measures to understand the Incident’s scope and to secure our systems and data. We engaged a third-party forensics firm to investigate the Incident, identify the root cause, and determine the scope of accessible information. We have carefully brought our systems back online, and we continue to closely monitor our network and information systems for unusual activity. Additionally, we are continuing our due diligence efforts, including engaging as appropriate, additional resources and experts and evaluating the extent of risk to personal information.
We will continue to implement the recommendations from our third-party forensics firm to further improve Majestic Care’s administrative, technical, and physical safeguards.
What You Can Do
We sincerely regret any concern this causes you and any inconvenience resulting from this Incident. Majestic Care has provided written notice to impacted individuals whose addresses were available, but it was unable to confirm mailing addresses for some impacted individuals. To learn more about whether your personal information may have been impacted, please contact us using the information provided below, or send an email to Security@MajesticCare.com.
Although we have not received reports or indication of such activity, the risks related to unauthorized use of sensitive information, such as Social Security numbers or bank account numbers and routing numbers, may include identity theft, financial fraud, and tax fraud. We encourage you to remain vigilant in reviewing activity on all accounts in which you keep sensitive information, including your credit files. We will continue to keep you posted on any applicable updates.
Please also take care and attention when submitting tax returns to protect against possible fraudulent submissions made on your behalf. If you have concerns about identity theft, you can contact local law enforcement and file a police report. You can also contact your state’s Attorney General, as well as the Federal Trade Commission or one of the credit bureaus for more information about how to protect your identity.
For More Information
You can place an identity theft/fraud alert, get credit freeze information for your state, or order a free credit report by calling any of the following credit bureaus at one of the phone numbers listed below or visiting their respective websites.
| Equifax – 1-888-766-0008 P.O. Box 740256 Atlanta, GA 30348 https://www.equifax.com/personal/credit-report-services/ | Experian – 1-888-397-3742 P.O. Box 4500 Allen, TX 75013 https://www.experian.com/help/ | Trans Union – 1-800-916-8800 P.O. Box 2000 Chester, PA 19022 https://www.transunion.com/credit-help |
Credit Reports. You can request credit reports be sent to you free of charge from all three credit bureaus. Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Thieves may hold stolen information to use at different times. Periodically checking your credit reports can help you spot problems and address them quickly.
Fraud Alerts. You can place a fraud alert with the credit bureaus free of charge. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. Contact any one of the three major credit bureaus. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for one year. You can renew it after one year.
Security Freeze. Under state law, a security freeze (or a credit freeze) prohibits a credit bureau from releasing any information from a consumer’s credit report without written authorization. There is no fee associated with freezing or thawing your credit. The process of freezing your credit takes only a few minutes. You must contact each credit bureau individually to freeze your credit with each bureau. To place a security freeze, you may need to provide the following information:
- Your full name;
- Social Security number;
- Date of birth;
- Mobile number;
- Current postal address;
- Email address; and
- Any other information that the credit bureau may require.
The credit bureaus have one business day after your request to place a security freeze if made by telephone or secure electronic means. If the request is made by mail, the credit bureaus have three business days. The credit bureaus must also send written confirmation to you within five business days.
To lift the security freeze, in order to allow a specific entity or individual access to your credit report, you must apply online, call, or send a written request to the credit bureaus by mail. When you contact a credit bureau to lift the security freeze, you will need to include proper identification (name, address, and Social Security number) and the PIN number or password that was provided to you (if provided) when you placed the security freeze as well as the identities of those entities or individuals you would like to receive your credit report or the specific period of time you want the credit report available. If you request a credit thaw online or by phone, the credit bureaus are required by law to complete the request within one hour. If you request the thaw by regular mail, the credit bureaus have three business days after receiving your request to lift the security freeze for those identified entities or for the specified period of time.
The Federal Trade Commission (FTC) provides more information about how to protect your identity at either https://www.ftc.gov/ or https://www.identitytheft.gov/. You may also find additional information on any applicable rights under the Fair Credit Reporting Act. You can contact the FTC using the information below.
Federal Trade Commission – 1-202-326-2222
Bureau of Consumer Protection
600 Pennsylvania Avenue, NW
Washington, DC 20580
| For Maryland Residents: You may also contact the Maryland Attorney General’s Office for more information about how to protect your identity by using the information below: Attorney General Anthony G. Brown 200 St. Paul Place Baltimore, MD 21202 Phone: 410-528-8662 Website: https://www.marylandattorneygeneral.gov/ | For New York Residents: You may also contact the New York Attorney General’s Office for more information about how to protect your identity by using the information below: Attorney General Letitia James Toll Free Phone Number: (800) 771-7755 Website: https://ag.ny.gov/ |
| For North Carolina Residents: You may also contact the North Carolina Attorney General’s Office for more information about how to protect your identity by using the information below: Attorney General Josh Stein 9001 Mail Service Center Raleigh, NC 27699-9001 Toll Free in NC: 1-877-566-7226 Outside NC: 919-716-6000 Website: https://ncdoj.gov/ | For Washington D.C. Residents: You may also contact the Washington D.C. Attorney General’s Office for more information about how to protect your identity by using the information below: Attorney General Brian Schwalb 400 6th St. NW Washington, D.C. 20001 Phone: (202)-727-3400 Website: https://oag.dc.gov/ |
Again, we sincerely regret that this Incident has occurred. If you have any questions, please contact us at:
Majestic Care of Middletown
777 E. Main St., Westfield, IN 46074
(888)-397-0071 with engagement number B088543