Ohio Living Data Breach (2018)

What Happened? On July 19, 2018, Ohio Living determined that there were potential unauthorized logins into some Ohio Living employee email accounts. Previously, on July 10, 2018, Ohio Living became aware of suspicious activity relating to an employee email account. They quickly launched an investigation to determine what may have happened and what information may have been affected. Working together with a leading computer forensics expert, Ohio Living's investigation determined that an unknown individual accessed employee email accounts on July 10, 2018. Because they were unable to determine which email messages may have been opened or taken by the unauthorized actor, Ohio Living reviewed the email accounts to identify what personal information was stored within them. What Information Was Involved? On September 4, 2018, Ohio Living determined that the affected email accounts contained, and the unauthorized actor may have accessed or acquired, information related to certain individuals who attended an Ohio Living facility, and/or received treatment from an Ohio Living facility, including the following types of information: name, contact information, Social Security number, financial information, date of birth, medical record number, patient identification number, medical and/or clinical information including diagnosis and treatment information, and health insurance information.