HEALTHCARE DATA BREACH – PATIENT INFORMATION AT RISK

Zimmerman Reed is representing patients impacted by healthcare data breaches. These data leaks expose confidential patient data such as names, addresses, dates of birth, and Social Security numbers. Sensitive data like medical records, treatment plans, diagnoses, and insurance information have also been exposed.

Multiple studies report a recent increase in data breaches affecting the healthcare sector. Healthcare data breaches reportedly impacted 45 million customers in 2021, and from 2019 to 2021 there was a 51% increase in the total volume of confidential medical records exposed from data breaches.

Zimmerman Reed is actively investigating the following health system data breaches:

HIVE, a known hacking group, has reportedly gained access to personal and medical information of Lake Charles Memorial Health System patients. Reports indicate that the intruders successfully stole sensitive and personal information, including patient names, physical addresses, dates of birth, medical records, patient identification numbers, health insurance, and payment information and some clinical information regarding received care. Some social security numbers were also impacted. Approximately 270,000 patients were impacted by the data breach.

Connexin Software, Inc., an IT service provider to pediatric physician practice groups, has started alerting more than 2.2 million about a security data breach detected on August 26, 2022.  The data breach reportedly impacts 119 pediatric practices nationwide. Connexin Software said hackers exfiltrated some persona and private information, which may have included patient’s names, addresses, dates of birth, social security numbers, health insurance information, medical and/or treatment information, and billing and/or claims information.  Information of a parent, guardian, or guarantor may have also been impacted by the incident.

Community Health Network has notified patients that certain health information has been transmitted to web tracking technology vendors.  The data security incident has reportedly impacted 1.5 million Community Health Network patients.  Information that could have been transmitted includes computer IP addresses; dates, time, or locations of scheduled appointments; health care provider information; type of appointment or procedure scheduled; communications, including first and last name and medical record numbers that occurred through MyChart; and, information about insurance coverage.

Refuah Health Center has started alerting more than 260,000 patents about a  security breach that occurred between May 31, 2021 and June 1, 2021, although the health facility did not discover the breach until March 2, 2022.  Refuah Heath said that hackers exfiltrated some personal and sensitive information, including Social Security numbers, driver’s license numbers, state identification numbers, dates of birth, bank/financial account information, credit/debit card information, medical treatment/diagnosis information, Medicare/Medicaid numbers, medical record numbers, patient account numbers, and health insurance policy numbers.

A data security incident on March 10, 2022 may have exposed the personal information of more than 86,000 patients who received treatment at Val Verde Regional Medical Center.  The healthcare facility announced that an unauthorized party accessed, and potentially downloaded, patient names, addresses, Social Security numbers, and some patient account numbers and medical records. Val Verde began notifying patients of the breach on May 25, 2022.

AvosLocker, a ransomware threat group, has reportedly gained access to personal and medical information of CHRISTUS Health patients.  Reports indicate that AvosLocker has posted some personal and highly sensitive information, including names of patients with positive COVID-19 tests results, personnel data, and patient admissions and operating room records.  CHRISTUS Health operates 600 facilities across four U.S. states, Mexico, Columbia, and Chile.

A July 27, 2021 data breach may have exposed personal and protected information of approximately 318,000 patients.  The healthcare facility announced that names, addresses, health insurance information, medical record numbers, birth dates, patient account numbers, claim information, treatment information, and hospital or medical group information were involved in the breach, as well as some social security numbers and driver’s license numbers.  SuperCare Health began notifying patients of the breach on March 25, 2022.

A July 27, 2021 data breach may have exposed personal and protected information of approximately 318,000 patients.  The healthcare facility announced that names, addresses, health insurance information, medical record numbers, birth dates, patient account numbers, claim information, treatment information, and hospital or medical group information were involved in the breach, as well as some social security numbers and driver’s license numbers.  SuperCare Health began notifying patients of the breach on March 25, 2022.

The North Dakota-based healthcare provider has alerted the U.S. Department of Health and Human Services, Office for Civil Rights that it experienced a data breach impacting 510,574 patients.  According to reports, the breach occurred on or about October 17, 2021.  An investigation into the matter concluded that certain data containing personal information was potentially accessed.

A cyberattack on February 12, 2022 allowed hackers to acquire certain files, including documents that contained patients’ names, birth dates, medical record numbers, health insurance information, and case numbers. According to reports, the breach may have impacted the personal and sensitive data of up to 312,000 patients.

A data breach in 2021 may have exposed the protected health information of approximately 54,000 patients for more than six weeks. The breach included private information such as names, birthdates, Social Security numbers, treatment details, prescription details, and health insurance details, as well as financial information for some patients. The stolen private data is posted on the dark web and has reportedly been accessed 350,000 times on cybercrime forums.

HelloKitty, a hacking group, is believed to have gained access to personal and medical information of more than 750,000 patients and 522 current employees in 2021. The hackers may have collected names, addresses, dates of birth, dates of service, diagnosis and procedure codes, medical record numbers, insurance provider names, and insurance ID numbers.



Contact Us

HOW WE CAN HELP

Zimmerman Reed has years of experience in data breach actions. If you have been impacted by a healthcare data breach, please contact us by completing the form above. We can help navigate the next steps and welcome the opportunity to answer your questions.

Your Team

Brian Gudmundson
Brian Gudmundson | Partner

View Full Bio
michael laird
Michael Laird | Attorney

View Full Bio
jason johnston
Jason Johnston | Partner

View Full Bio
Rachel Tack
Rachel Tack | Attorney

View Full Bio
Leslie A. Harms
Leslie Harms | Paralegal

View Full Bio
barb doten
Barb Doten | Client Liaison

View Full Bio