Service Access & Management, Inc. (SAM) is a case management service provider for youngsters and families in New Jersey and Pennsylvania. The organization employs more than 600 people and generates approximately $68 million in annual revenue. Recently, SAM sent notifications to its clients about the potential breach of their protected health information (PHI) following a cyberattack in July 2024. The Reading, PA-based organization discovered unauthorized activity on its systems on July 5, 2024, prompting the immediate activation of incident response protocols. With assistance from independent computer forensics experts, SAM confirmed that its systems had been accessed without authorization.
By July 29, 2024, SAM confirmed the exposure of personal data and PHI in the breach. However, the company has not mentioned in its substitute breach notice posted on its website the exact types of data compromised. SAM is still trying to identify the individuals impacted by the attack and clarify the specific details of the data involved. Once this process is complete, SAM will send notifications to those impacted.
As part of its response to the incident, SAM has committed to offering free credit monitoring and identity theft protection services to persons who had their Social Security numbers (SSNs) compromised in the breach. In compliance with the HIPAA breach notification rule, SAM reported the breach to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR), listing an initial count of 501 individuals affected. This number will be updated as SAM concludes its investigation and completes its review of the compromised files.
Upon knowing that an unauthorized party accessed sensitive consumer information, SAM thoroughly reviewed the compromised files to find out what data was exposed and which clients were affected. The organization completed its investigation by July 29, 2024. Although SAM’s public notice on its website does not specify the nature of the compromised information, it reassures clients that those whose Social Security numbers were exposed will receive free credit monitoring and identity restoration services, indicating that SSNs were likely part of the exposed data.
Service Access & Management will soon be sending data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of the information that was compromised.
In the coming days, Service Access & Management will mail all impacted individuals data breach notification letters. These letters will detail the information that was compromised and offer guidance on steps to take to protect against potential misuse of their data. As the investigation continues, SAM remains committed to addressing the breach and ensuring that all affected people receive the support and protection they need.