Notice of Email Incident
Notice to our Customers of an Email Incident
Gulf Bend Center (“Gulf Bend”) is committed to protecting the confidentiality and security of our customers’ information. Regrettably, this notice is about an incident that involves some of that information.
On May 13, 2019, we learned that an unauthorized person gained access to an employee email account between April 15, 2019 and May 8, 2019. We immediately secured the account, began an investigation, and a leading cyber security firm was hired to assist in the investigation. The investigation was unable to determine whether the unauthorized individual actually viewed any of the emails in the account. Although the investigation was unable to determine whether the unauthorized person actually viewed any of the emails, we did determine that some customer information was contained in the email account, which may have included customer names, some limited health information, and in a few instances, Social Security numbers.
This incident does not affect all Gulf Bend customers; only some Intellectual and Developmental Disabilities (IDD) customers who received services after September of 2016 are affected.
We have no indication that any customer information has been misused. However, in an abundance of caution, we mailed letters to affected customers on July 12, 2019 and established a dedicated call center to answer questions. If you believe you have been affected and do not receive a letter by August 12, 2019, please call 1-844-867-7277, from 7 a.m. to 4:00 p.m. Central Time, Monday through Friday.
We recommend that affected customers review the statements they receive from their healthcare provider. If they see services they did not receive, please contact the provider immediately. For those customers whose Social Security numbers were included in the email accounts, we are offering a complimentary one-year membership of credit monitoring and identity protection services.
To help prevent something like this from happening in the future, we changed the password on the email account, implemented additional technical security measures, and are reinforcing employee training on how to detect and avoid phishing emails.