Notice of a Data Security Incident

The Harris Center for Mental Health and IDD (“The Harris Center”) has learned that the MOVEit data incident may have involved personal informaton of some The Harris Center patients and other individuals.  MOVEit is a popular file transfer service used by government agencies, corporations, health care entities, and other organizations around the world. At the end of May, 2023, unauthorized third parties began exploiting a previously unknown vulnerability in MOVEit that allowed the third parties gain access to files on MOVEit systems. The Harris Center does not directly use MOVEit. However, on June 20, 2023, we learned that the third parties exploited the MOVEit system used by one of our service providers. Upon learning of the incident at our service provider, we promptly began an investigation and worked closely with our service provider to ensure that they were taking steps to further secure our information. Our investigation determined that the third parties gained access to certain The Harris Center documents. This incident did not involve unauthorized access to any The Harris Center systems. 

We conducted a comprehensive review of the documents acquired by the third party to determine if they contained any personal information. On August 9, 2023, we completed our review and determined that the documents contained personal information that included, depending on the individual, their name, address, date of birth, Social Security number, health insurance information, and protected health information. The incident did not impact The Harris Center’s electronic medical records nor any patients’ financial institution information. 

On August 17, 2023, The Harris Center began sending written notification to the individuals whose information could have been involved in the incident and for whom The Harris Center has contact information. Individuals should refer to the notice they will receive in the mail regarding steps they can take to protect themselves.  

As a precautionary measure, notified individuals should remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing their account statements and monitoring credit reports closely. If individuals detect any suspicious activity on an account, they should promptly notify the financial institution or company with which the account is maintained. They should also promptly report any fraudulent activity or any suspected incidents of identity theft to proper law enforcement authorities, including the police and their state’s attorney general. Notified individuals may also wish to review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). Notified individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580. 

The Harris Center is committed to protecting all personal information entrusted to us.  We along with our service provider have taken steps to help prevent this from happening in the future.   For further information and assistance, please call 1-833-881-5354 from 9am to 4pm, Central, Monday through Friday.