Phishing Scam Information
Notice to Clients Regarding Phishing ScamOn October 16, 2013, Mosaic discovered that client information was in an email account of an employee who had fallen victim to an email phishing scam on an unknown date. Mosaic has taken actions to secure the email account and law enforcement has been notified. Phishing is an email scam that seeks to acquire information by masquerading as a trustworthy entity in an electronic communication. These email scams have become increasingly convincing and sophisticated in recent years.
During it investigation, Mosaic discovered that other Mosaic employees had been deceived by a similar phishing email scam. All affected email accounts were secured and passwords were changed. Mosaic undertook a comprehensive review of the affected email accounts and confirmed that they contained client information used by Mosaic for administrative purposes and may have included clients' names, dates of birth, addresses, telephone numbers, birth certificates, driver's licenses or government--issued identification cards, medical record numbers, insurance identification numbers, insurance/client payments, Medicaid and Medicare numbers, limited clinical information (which may include, but is not limited to: incident reports, diagnoses, procedures, prescription information), and, in some instances, Social Security numbers and financial account information.
At this time, all evidence suggests that the main target of this scam was the financial information of Mosaic. However, Mosaic was unable to confirm whether the unknown party accessed information contained in the emails, and therefore, as a precautionary measure, began sending letters to affected clients on December 11, 2013. Mosaic is offering to eligible affected clients a complimentary one-year membership in Experian's ProtectMyID Alert credit monitoring and identity theft protection services.
Mosaic also has established a dedicated call center for clients to call with any questions. If you believe you are affected, but have not received a letter by December 20, 2013, please call 1-877-238-3229 Monday through Friday between 8:00 a.m. and 5:00 p.m. Mountain Time (closed on U.S. observed holidays), and provide the following ten digit reference number 2465120513 when prompted.
We deeply regret any inconvenience this may cause. Mosaic is committed to protecting your information. To prevent a similar incident from happening in the future, Mosaic is conducting a comprehensive review of its information security practices and procedures, as well as
re-educating employees regarding online security awareness.