On April 21, 2020, CodeMetro systems suffered a ransomware attack, which was detected within hours of its deployment. Upon discovery, CodeMetro took immediate steps to contain the threat and engaged a third-party forensic firm to investigate the incident and assist with remediation efforts. CodeMetro also notified federal law enforcement authorities of the incident.
CodeMetro’s investigation has found that prior to deploying the ransomware, the criminals were able to access a database server and deploy tools to copy and remove some data. The database server contained health-related patient information and employee payroll information.Back To Top
CodeMetro provides software solutions such as NPAWorks to applied behavior analysis providers. These applied behavior analysis providers may have used CodeMetro services that involved patient and/or employee information.Back To Top
We notified all providers/employers whose employees’ or patients’ information may have been involved of the incident by letter dated May 29, 2020.Back To Top
The patient information may have included:
Please note that the data fields that may have been impacted depend on the provider and not all data fields may have been involved for all individuals. If the patient is covered under TRICARE, the health insurance ID number may be a guarantor/legal guardian’s Social Security number.
The employee information may have included name, address, Social Security number, driver’s license number, and date of birth.Back To Top
We have attempted to notify by letter the individuals whose information may have been involved in this incident. If you are affected by this incident, it is possible the letter has not yet arrived. It is also possible that your information was not involved in this incident. If you were not affected by this incident, you will not receive a letter. In the event you do not receive a notice but think your data may have been impacted, a notice has been posted on this website that can provide more information.Back To Top
As soon as CodeMetro discovered the incident, the company promptly launched a forensic investigation, contacted law enforcement, and took steps to remediate the incident. It was important that we accurately understood what happened and properly identified who was affected.Back To Top
CodeMetro takes data security incidents very seriously and has worked to implement the necessary steps to ensure the continued protection of data. In response to this incident, CodeMetro also enhanced its security and monitoring as well as hardened systems to minimize the risk of any similar incident in the future. CodeMetro has also arranged to offer credit monitoring for a period of one year, at no cost to those individuals whose Social Security numbers or driver’s license numbers may have been involved.Back To Top
If your Social Security number or driver’s license number was potentially impacted, we are offering you complimentary credit monitoring services. For more information about these services and instructions on how to activate the membership, please follow the steps included in the letter sent to you.
Even if your Social Security number or driver’s license number was not potentially impacted, you may obtain a copy of your credit report, free of charge, directly from each of the three nationwide credit reporting companies. To order your free annual credit report, visit www.annualcreditreport.com, call toll-free at 1-877-322-8228, or complete the Annual Credit Report Request Form on the U.S. Federal Trade Commission’s (“FTC”) website at www.ftc.gov and mail it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348-5281. The three credit bureaus provide free annual credit reports only through the website, toll-free number or request form.Back To Top
We encourage you to remain vigilant in monitoring your account statements for any unusual or unauthorized activity, and to promptly report such incidents to your health care provider, insurer or company with which the account is maintained. The Reference Guide also contains general steps you can take to monitor and protect your personal information.Back To Top
Please call 1-855-907-2106 (Toll-Free) to ask questions and learn additional information. This call center is open 9:00 a.m. to 9:00 p.m. ET, Monday through Friday, except holidays.Back To Top