The Cerebral Palsy Research Foundation is notifying 8,300 clients who were served from 2001 to 2010 that a database containing their demographic data was vulnerable for 10 months.
CPRF discovered March 10 that although the demographic database, which was created in early 2000, was stored in a secure subdomain, it was not identified during its recent server change. As a result, the information was temporarily exposed.
The exposed information could include personal identifiable data and personal health information regarding the client's type of disability. However, no financial or donor information were compromised. CPRF is offering affected clients one year of free credit monitoring and identity protection services.
"Once we became aware of the situation, we immediately re-secured the information and took the necessary steps to determine the scope and nature of the information in order to send notification letters to those affected," CPRF wrote in a privacy notice on its website.
It also conducted an audit of its other subdomains, which did not detect any other vulnerabilities, and it reinforced its data security policies and procedures. CPRF is hiring a third-party consultant to carry out routine vulnerability and penetration evaluations.
More articles on cybersecurity:
DHS issues cybersecurity warning on Philips' CT scanners: 5 things to know
Louisiana eye surgery center notifies patients after laptop containing PHI is stolen
7k patients file HIPAA violations in the past 5 years: 5 things to know