Independent Living Systems is issuing notice of a data event that may impact the privacy of certain individuals' personal and/or protected health information. ILS is also issuing notification to impacted individuals as a direct provider of services and on behalf of certain data owner clients and covered entity health plans. ILS is providing information about the event and its response. ILS is unaware of any identity theft or fraud resulting from this event. ILS is providing this notice out of an abundance of caution.
On July 5, 2022, ILS experienced an incident involving the inaccessibility of certain computer systems on its network. ILS responded to the incident immediately and began an investigation with the assistance of outside cybersecurity specialists. Through their response efforts, ILS learned that an unauthorized actor obtained access to certain ILS systems between June 30 and July 5, 2022. During that period, some information stored on the ILS network was acquired by the unauthorized actor, and other information was accessible and potentially viewed. Upon containing the incident and reconnecting its computer systems, ILS conducted a comprehensive review to understand the scope of potentially affected information and identify the individuals to whom such information relates. ILS received the results of this review on January 17, 2023, and then worked as quickly as possible to validate the results and provide notice to potentially impacted individuals and entities.
The types of impacted information varies by individual and could have included: name, address, date of birth, driver's license, state identification, Social Security number, financial account information, medical record number, Medicare or Medicaid identification, CIN#, mental or physical treatment/condition information, food delivery information, diagnosis code or diagnosis information, admission/discharge date, prescription information, billing/claims information, patient name, and health insurance information.
ILS previously notified potentially affected individuals on September 2, 2022, by posting a preliminary notice of this data event on its website. Additionally, ILS previously provided preliminary notice to its primary state and federal regulators. Now that its review and validation efforts are complete, ILS is notifying potentially affected individuals via this media release, posting supplemental notice on its website, and mailing letters to potentially affected individuals for whom ILS has address information. ILS is also providing supplemental notice to its primary state and federal regulators, initial notice to certain additional state regulators (as required), and initial notice to the three major consumer reporting agencies (i.e., Equifax, Experian, and TransUnion).
Potentially affected individuals can also find additional information on how they can help protect their personal information, as well as obtain additional resources, by visiting ILS's website at https://ilshealth.com/. As a precautionary measure, ILS encourages potentially affected individuals to remain vigilant against incidents of identity theft and fraud by reviewing their accounts statements, explanations of benefits, and credit reports carefully for unexpected activity and to report any questionable activity to the associated institutions immediately.