Notice of Data Security Incident

Dec. 17, 2021 This is to notify affected individuals about a data security incident that involved a limited number of our clients’ personal information. Integrated Services of Kalamazoo, Inc. (“ISK”) takes the protection of your information very seriously. For this reason, we are contacting you directly to explain the circumstances of the incident and provide you with information on how you can take additional steps to protect your personal information.
WHAT HAPPENED?

In late spring, ISK became aware of unusual activity within an employee’s email account. ISK immediately conducted an internal investigation which included the involvement of forensics or legal investigators, which revealed that an unauthorized individual had access to a limited number of ISK email accounts and apparently used them to send SPAM emails. Such access potential to the email accounts was from March 29 to May 25, 2021.

WHAT INFORMATION WAS INVOLVED?

While we have no confirmation of what information may have been viewed or accessed, the following information may have been involved: individuals’ names, email and contact information, medical information, medical record numbers, treatment provider and location information, health insurance/Medicaid information, diagnosis, lab results, medications and other treatment information, driver’s license, bank and/or bank account information. Social Security numbers and  dates of birth may have been involved as well.

To view or download this information in a PDF document, please click HERE.

ISK is committed to providing valuable services to this community. Our deepest regrets for any inconvenience that this may have caused. Please do not hesitate to contact us at our customer service center if you have additional questions.
Thank you.
WHAT WE ARE DOING

Upon discovery of the incident, ISK immediately launched an internal investigation. ISK also retained independent third-party forensics firms to investigate the incident and sought the advice of legal and cyber-security experts. We were able to determine access to the ISK email accounts which may have affected the personal information of clients as outlined above. We are providing notice by U.S. mail and on our website to ensure all potentially affected individuals are informed about the incident.

While at this time we have no indication that any information has been misused, as a precautionary measure, we are notifying those members whose information may have been affected. In addition, for individuals whose SSN may be involved, we are offering credit/identity monitoring at no cost for one year. More information about steps you can take to protect yourself and enroll in credit monitoring, please see below and call the dedicated number below.

WHAT YOU CAN DO

Please review the recommendation below to protect your personal information. You can also contact the dedicated call center at the number below for more information.

If You Received a Letter, Why Was it Mailed From Oregon?

For those individuals for whom ISK had or was able to find contact information, ISK mailed a notification letter. In order to notify as quickly as possible, ISK is working with a mail processing vendor. The return address on your envelope is the return address for the mail processing vendor based in Oregon.

FOR MORE INFORMATION

If you have questions about the Incident or whether you qualify for services and how to enroll, please call 1-855-675-3121, Monday through Friday from 9:00 a.m. to 9:00 p.m. Eastern Time.

ISK is committed to providing valuable services to this community. ISK will continue to serve culturally sensitive, trauma-informed care to individuals with Mental Illness, Intellectual/Developmental Disabilities, or Substance Use issues. Our deepest regrets for any inconvenience that this may have caused. Please do not hesitate to contact us at our customer service center if you have additional questions.

Sincerely,

Jeff Patton
Chief Executive Officer

Integrated Services of Kalamazoo

Steps You Can Take to Further Protect Your Information

 

Review Your Account Statements and Notify Law Enforcement of Suspicious Activity

As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements and credit reports closely. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission (FTC).

Fraud Alert Information

Whether or not you enroll in credit monitoring, we recommend that you place a “Fraud Alert” on your credit file. Fraud Alert messages notify potential credit grantors to verify your identification before extending credit in your name in case someone is using your information without your consent. A Fraud Alert can make it more difficult for someone to get credit in your name; however, please be aware that it also may delay your ability to obtain credit. Call only one of the following three nationwide credit reporting companies to place your Fraud Alert: TransUnion, Equifax, or Experian. As soon as the credit reporting company confirms your Fraud Alert, they will also forward your alert request to the other two nationwide credit reporting companies, so you do not need to contact each of them separately. The contact information for the three nationwide credit reporting companies is:

Equifax
PO Box 740256
Atlanta, GA 30374
www.equifax.com
1-800-525-6285
TransUnion
PO Box 2000
Chester, PA 19016
www.transunion.com/fraud
1-800-680-7289
Experian
PO Box 9554
Allen, TX 75013
www.experian.com
1-888-397-3742

Free Credit Report Information

Under federal law, you are also entitled to one free credit report once every 12 months from each of the above three major nationwide credit reporting companies. Call 1-877-322-8228 or make a request online at www.annualcreditreport.com.

Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Victim information sometimes is held for use or shared among a group of thieves at different times. Checking your credit reports periodically can help you spot problems and address them quickly.

If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call your local law enforcement agency, and file a police report. Get a copy of the report; many creditors want the information it contains to absolve you of the fraudulent debts. You also should file a complaint with the Federal Trade Commission (FTC) at www.identitytheft.gov or at 1-877-ID-THEFT (1-877- 438-4338). Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcers for their investigations. Also, visit the FTC’s website at www.ftc.gov/idtheft to review their free identity theft resources such as their comprehensive step-by-step guide “Identity Theft – A Recovery Plan”.

Security Freeze Information

You can request a “Security Freeze” on your credit file by sending a request in writing, by mail, to each of the three nationwide credit reporting companies. When a Security Freeze is added to your credit report, all third parties, such as credit lenders or other companies, whose use is not exempt under law will not be able to access your credit report without your consent. The Security Freeze may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make that involves access to your credit report. This may include, but is not limited to, new loans, credit, mortgages, insurance, rental housing, employment, investments, licenses, cellular phone service, utility service, digital signature service, Internet credit card transactions, and extension of credit at the point of sale. There may be a fee for placing, temporarily lifting, or removing a Security Freeze with each of the nationwide consumer reporting companies, although that fee is waived if you send the credit reporting company proof of eligibility by mailing a copy of a valid identity theft report, or other valid reports from a law enforcement agency to show you are a victim of identity theft and are eligible for free Security Freeze services.

To place a Security Freeze on your credit files at all three nationwide credit reporting companies, write to the addresses below:

Equifax Security Freeze
PO Box 105788
Atlanta, GA 30348
www.freeze.equifax.com
1-800-685-1111
TransUnion Security Freeze
PO Box 2000
Chester, PA 19016
transunion.com/freeze
1-888-909-8872
Experian Security Freeze
PO Box 9554
Allen, TX 75013
experian.com/freeze
1-888-397-3742

Within 5 business days of receiving your request for a security freeze, the consumer credit reporting company will provide you with a personal identification number (PIN) or password to use if you choose to remove the freeze on your consumer credit report or to authorize the release of your consumer credit report to a specific party or for a specified period after the freeze is in place.

Federal Trade Commission and State Attorneys General Offices

If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your home state. You may also contact these agencies for information on how to prevent or minimize the risks of identity theft.

You may contact the Federal Trade Commission:

Consumer Response Center
600 Pennsylvania Avenue, NW
Washington, DC 20580
www.ftc.gov/bcp/edu/microsites/idtheft/
1-877-IDTHEFT (438-4338)