Golden Gate Regional Center notifies current and former consumers of IT security incident

SAN FRANCISCO, Nov. 20, 2020 /PRNewswire/ -- Working with the California Department of Developmental Services, Golden Gate Regional Center ("GGRC") develops innovative services and supports responsive to the needs and aspirations of individuals with intellectual and developmental disabilities and their families in the San Francisco, Marin and San Mateo counties. GGRC announced today that it recently learned of an incident that may affect the security of personal and protected health information of some of the individuals it serves. GGRC has sent notification of this incident to potentially impacted individuals and is providing resources to assist them.

After noticing suspicious activity on its systems on September 23, 2020, GGRC launched an investigation to determine the nature and scope of the suspicious activities. Working with outside computer forensics specialists, GGRC determined that an unknown actor accessed the GGRC network and removed certain information from it in connection with a ransomware incident.

GGRC undertook a comprehensive and time-intensive review of all files that could have been impacted to determine whether protected health information and/or personal information was present in files. The information potentially accessed by the unauthorized actor includes: names, GGRC-issued unique client identifier ("UCI") numbers, service descriptions or codes, vendor or service provider names or numbers, months or years of service, and/or cost information related to services.

Currently, there is no evidence of the misuse of any information potentially involved in this incident. Yet out of an abundance of caution, notice of this incident was sent to the potentially impacted individuals on November 20, 2020. In addition to informing potentially impacted individuals about the incident, the notification letter includes steps that potentially impacted individuals can take to protect their information and offers these individuals access to complimentary identity monitoring and protection services.  GGRC recommends that individuals enroll in the services provided and follow the recommendations contained within the notification letter to ensure their information is protected.

GGRC has reported this incident to law enforcement and is also reporting this incident to certain regulatory authorities, as required.

"Maintaining the privacy and security of information related to each individual we serve and support is of the utmost importance to Golden Gate Regional Center," said Executive Director Eric Zigman. "Once we were notified about the incident, we immediately assembled a response team, including legal counsel specializing in cyber and data security incidents and computer forensic experts. Through this team, notifications have been sent to individuals who may have been impacted and we will work closely with them to provide assistance. We will continue to focus on the privacy of our consumers and strive to maintain the trust of our community. We deeply regret any worry this incident causes and we thank our community for its support while we continue to help all the individuals we serve to thrive in their chosen communities."

GGRC is committed to the welfare of the individuals it serves and to protecting their information and has established a dedicated assistance line for individuals seeking additional information regarding this incident. Individuals seeking additional information may call the toll-free assistance line at 1-833-905-3233. This toll-free line is available from 6:00 a.m. to 6:00 p.m. PT, Monday through Friday, excluding U.S. holidays. Individuals seeking to contact GGRC directly may also write to us at 1355 Market Street, Suite 220, San Francisco, CA. 94103.

SOURCE Golden Gate Regional Center