Ethos, a Jamaica Plain-based non-profit organization serving the elderly and disabled, notified around 13,500 people of a data breach last November.
According to a letter sent from the organization’s counsel to the Maine Attorney General, “In November 2023, Ethos suffered a cybersecurity incident in which its network was encrypted and a monetary demand for decryption was made.” Usually this type of action is known as a ransomware attack. Continuing, “There was minimal interruption of services to the community served by the non-profit entity. Ethos immediately terminated unauthorized access to the network and began an investigation to determine what happened. Ethos was able to restore full operations and obtain assurance of the destruction of any removed data.”
Ethos was able to continue providing services amidst the breach, which is a testament to its preparedness and response planning. This type of resilience is something that SMBs should aim to emulate -- Having a plan in place to address and mitigate the effects of a cyber-attack quickly can be the difference between a minor setback and a catastrophic business failure.
“The potentially involved information included names, addresses, medical insurance information, and health and treatment information,” the organization noted in a press release on their website. “For a small group of people, Social Security numbers were involved. On March 19, 2024 we determined current address information for the potentially involved individuals in order to effectuate written notification of the incident.”
The incident highlights the necessity for SMBs to invest in comprehensive cybersecurity strategies to protect their assets and maintain the trust of their clients. As businesses increasingly rely on digital solutions, prioritizing cybersecurity is not just prudent—it's essential for the longevity and success of any modern business.