Consumer Privacy & Data Breaches

March 22, 2023 – After realizing that private customer data had been compromised in a recent cybersecurity incident, Texas Medical Liability Trust filed a notice of data breach with the Attorney General of Texas on March 6, 2023. An unauthorized party was able to obtain customers’ names, Social Security numbers, driver’s license numbers, protected health information, and financial account information as a result of the breach,

March 19, 2023 – Happy State Bank (HSB) discovered that sensitive customer data kept on the business’s computer system had been accessed as a result of an email phishing attempt on March 16, 2023, and as a result, it filed a notice of data breach with the Maine Attorney General’s office. The breach led to an unauthorized entity obtaining access to the names and Social Security numbers

March 18, 2023 – AllCare Plus Pharmacy, Inc. learned that private patient data kept on the business’s computer system had been breached as a result of a cyberattack on March 16, 2023, and filed a notice of data breach with the Texas Attorney General. According to the business’s official report, the event led to unauthorized access to consumers’ names, Social Security numbers, protected health information, bank

March 18, 2023 – The Massachusetts Office of Consumer Affairs and Business Regulation received a notice of data breach from Voya Financial Advisors, Inc. on March 14, 2023, after the firm discovered that a third party had access to sensitive customer data contained on the company’s computer system. According to the business’s report, the incident led to a third party getting access to consumers’ names, addresses, and

March 16, 2023 – Following a purported “network outage,” which exposed private data in the company’s possession, Bone & Joint started notifying current and past clients, as well as staff members, of a data breach on March 7, 2023. The event led to the unauthorized party learning the names, addresses, phone numbers, dates of birth, Social Security numbers, medical information, and health insurance information of consumers.

March 15, 2023 – The Massachusetts Attorney General received notification of a data breach from Trinity Health Corporation on March 9, 2023, after it was discovered that a data security incident had exposed the private information of tens of thousands of patients. An unauthorized party was able to access consumers’ names, phone numbers, addresses, email addresses, dates of birth, patient ID numbers, prescription information, and protected health

March 16, 2023 – NorthStar Emergency Medical Services (NorthStar) discovered that a third party had obtained access to private patient data that was kept on the business’s IT network on March 14, 2023, and as a result, NorthStar filed a notice of data breach with the Attorney General of Maine. The incident led to the unauthorized party learning the names, dates of birth, Social Security numbers,

March 15, 2023 – Independent Living Systems, LLC (“ILS”) informed the Attorney General of Maine of a data breach on March 14, 2023, after verifying that unauthorized access to confidential patient data kept on the business’s computer network had occurred. According to the business’s filing, the event led to unauthorized access to the names, protected health information, and Social Security numbers of consumers. ILS started mailing data

March 15, 2023 – After learning that a successful email phishing attack had given an unauthorized party access to files containing private patient information, Beaver Medical Group filed a notification of a data breach with the Attorney General of California on March 8, 2023. The event led to unauthorized access to the names, premium payment amounts, health plan names, and member ID numbers of consumers, according to

March 15, 2023 – After discovering that a malware attack had exposed private student data to an unauthorized party, Merced College notified the Attorney General of California of the breach on March 9, 2023. The incident led to unauthorized access to consumers’ complete names, addresses, and Personally Identifying Information (PII), according to the company’s official filing. Merced College started mailing data breach notification letters to everyone who

March 13, 2023 – The Maine Attorney General received a notice of data breach from ZOLL Medical Corporation on March 10, 2023, as a consequence of a cybersecurity incident that exposed the private data of more than 1,000,000 customers. The event led to unauthorized access to the names, dates of birth, addresses, and Social Security numbers of consumers, according to the company’s filing. ZOLL started notifying

March 11, 2023 – After finding that private patient information had been compromised due to a cybersecurity incident, Lawrence General Hospital filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”) on February 23, 2023. According to the business’s report to the HHS-OCR, the incident led to improper access to customers’ protected health information. After confirming that

March 11, 2023 – After learning that a cybersecurity incident at one of the company’s contractors exposed patient information to unauthorized access, Community Health Systems Professional Services Corporation (“CHSPSC, Inc.”) filed a notice of data breach with the Maine Attorney General’s Office on March 8, 2023. According to the company’s report, the event led to illegal access to the first and last names, dates of birth, addresses,

March 11, 2023 – Codman Square Health Center discovered that private patient data had been compromised by a ransomware attack on the organization’s IT system, and as a result, it filed a notification of data breach with the U.S. Department of Health and Human Services Office for Civil Rights on March 1, 2023. According to the company’s report, the incident led to unauthorized access to the full

March 10, 2023 – On March 8, 2023, DC Health Link announced that the company had recently been the victim of a cybersecurity incident that might have exposed the personal data of thousands of individuals who registered for healthcare through DC Health Link. Preliminary accounts suggest that the breach may have exposed a variety of information about the affected parties, including names, dates of birth, addresses, Social