On November 21, 2022, Hope Health Systems, Inc. (“HHS”) reported a data breach to the U.S. Department of Health and Human Services Office for Civil Rights after the company learned that sensitive patient information stored on its network had been leaked. ransomware attack. According to HHS, the breach resulted in the compromise of patients’ names, addresses, dates of birth, social security numbers, driver’s license numbers, health insurance information, and medical information. Recently, HHS sent data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves against identity theft and other fraud.
As a patient, you place great trust in your healthcare providers. Naturally, you assume that any healthcare office will not only provide you with the treatment you need, but will also keep your sensitive information safe. Unfortunately, this is not always the case. However, as we noted earlier posts, healthcare providers who are negligent in the way they store your information may be held liable through a data breach lawsuit. These claims can not only provide you with meaningful compensation for all that you have suffered, but also encourage all vendors to take their data security responsibilities more seriously, which will hopefully reduce the risk of similar incidents in the future.
What led to the Hope Health Systems data breach
Information about the Hope Health Systems breach comes from the US Department of Health and Human Services Civil Rights Violation Portal as well as a notice posted on the Hope Health Systems website. According to these sources, on June 20, 2022, HHS was first notified of a possible cybersecurity event when portions of the company’s computer network were encrypted.
In response, HHS began working with an external cybersecurity firm to investigate the incident and determine what, if any, patient data was compromised as a result. The HHS investigation confirmed that an unauthorized party had gained access to the company’s computer network beginning June 10, 2022. On August 24, 2022, the investigation also revealed that some of the encrypted files contained sensitive information belonging to certain patients, although HHS may not confirm that the unauthorized party actually viewed, accessed, or deleted the data.
After discovering that sensitive consumer data had been made available to an unauthorized party, Hope Health Systems began reviewing the affected files to determine what information had been compromised and which consumers had been affected. The company completed this process on October 18, 2022. Although the information disclosed will vary depending on the individual, it may include your name, address, date of birth, social security number, driver’s license number, information about health insurance and medical information.
On November 21, 2022, Hope Health Systems sent data breach letters to everyone whose information was compromised as a result of the recent data security incident.
Founded in 1999, Hope Health Systems, Inc. is a private, for-profit mental health service provider based in Woodlawn, Maryland. The company provides direct mental health, addictions and community support services to adults, children and minors in institutional and outpatient settings through three Maryland locations in Woodlawn, Greenspring and Carroll County. HHS also provides administrative management and research consulting services. Hope Health Systems employs over 134 people and generates approximately $36 million in annual revenue.
#Hope #Health #Systems #Suffers #Ransomware #Attack #Leading #Data #Breach #Supra