Posted On May 9, 2023 Consumer Privacy & Data Breaches
May 9 – Catholic Health announced on May 5, 2023, that one of its contractors, Minimum Data Set Consultants, LLC, had been the victim of a data breach. According to the alert issued by Catholic Health, the breach exposed the names, social security numbers, Medicare numbers, diagnostic information, demographic information, and birth dates of affected patients to an outside entity. When it became clear that customer information had been compromised, Catholic Health immediately started notifying those whose personal information had been compromised.
Anyone who has received a notice of a data breach should be aware of the seriousness of the situation. Data breach lawyers at Console & Associates, P.C. are investigating the intrusion into Catholic Health on behalf of patients whose data may have been stolen. As part of our investigation, we are providing free consultations to anybody affected by the breach who is concerned about their identity being stolen and wants to learn more about their options for protecting themselves and whether they are able to file a lawsuit against Catholic Health.
Catholic Health is an organization based in Buffalo, New York that manages a number of medical facilities and primary care clinics in the city and surrounding areas. These facilities and clinics include Sisters of Charity Hospital, Mercy Hospital of Buffalo, Kenmore Mercy Hospital, St. Joseph Campus, and Mount St. Mary’s Hospital. Catholic Health was founded in 1998 and has since grown to employ over 9,500 people and produce revenues of over $1.5 billion annually.
An internal investigation revealed suspicious behavior on Catholic Health’s computer network in late March 2023, according to a blog entry published on the company’s website on May 5, 2023. The corporation responded by opening an inquiry, which confirmed that an unknown third party had accessed data on the company’s network around August 27, 2023.
Catholic Health started reviewing the affected files to identify what information was stolen and who was affected after learning that sensitive customer data was made accessible to an unauthorized person. Information such as names, Social Security numbers, Medicare numbers, diagnoses, demographic data, and dates of birth may have been compromised, albeit the specifics vary per person.
Catholic Health is not sure whose patient records were accessed specifically, but it is being cautious and contacting everyone whose data may have been compromised.
Catholic Health notified all patients whose personal information was exposed on May 5, 2023, through letters detailing the data breach.
In 2022, hackers compromised the personal information of almost 420 million individuals. That’s the most ever recorded in a single year. Initial forecasts for 2023 do not suggest a decline in breaches.
While most people are aware of data breaches, few are aware of the potential consequences of identity theft. However, given the frequency of data breaches, it is essential that every customer understands what they can do to protect themselves, just in case they, too, become a victim.
Hackers commit data breaches with the express intention of collecting private customer information for the purposes of identity theft or for selling on the dark web. While consumers may not be able to prevent data breaches from occurring, they may take measures to reduce their exposure to fraud and identity theft.
The steps below should be taken if a data breach is discovered, but are not exhaustive. If a hacker gained access to personal information such as your Social Security number or bank account details, you may wish to beef up your security measures.
In the event of a data breach at your organization, you will get a letter detailing the situation. This correspondence details the incident, the events leading up to it, the measures taken to avoid such incidents in the future, and whether or not the firm has received any allegations of fraud or identity theft. Therefore, the first step is to carefully analyze the data breach report and determine whether and what data was compromised.
Free credit freezes and fraud warnings are offered by all three major credit reporting companies. When you put a fraud alert on your credit report, creditors are notified if you believe your personal information is being used illegally. If you put a freeze on your credit report, no one will be able to view it without your consent. The Identity Theft Resource Center has maintained that placing a credit freeze on your account is the best way to protect yourself against identity theft in the aftermath of a data breach.
Hackers usually act quickly to capitalize on stolen information to prevent their victims from canceling their accounts. However, depending on the nature of the breach, hackers may need more details in order to carry out their malicious schemes. Sometimes it might take weeks or months for hackers to be able to exploit stolen information. Usually, at this point in the process, customers have reduced their guard and become an easy target for hackers. As a consequence, throughout the next several months after the attack, you should check in on your accounts occasionally.
After a data breach, changing the passwords to all of your online accounts is a must. While it’s tempting to change the passwords for just the affected accounts, hackers who obtain access to your social media or online shop accounts may be able to access much more of your personal information.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Catholic Health data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the notice posted on their website:
Minimum Data Set Consultants, LLC (MDS), a firm that provides consulting services to skilled nursing facilities across the country, experienced a data breach that may include medical record information from some long term care residents within Catholic Health. MDS is in the process of notifying the residents, their family members, or other responsible party.
In late March, MDS became aware of unusual activity involving certain electronic health records files and immediately began an investigation. It is believed the files were accessed without authorization on or about August 27, 2022 by a former MDS employee. Law enforcement was promptly notified and is continuing to investigate this incident. While it is uncertain what accounts were actually breached, out of an abundance of caution, MDS and Catholic Health have notified all long term care residents who have protected health information (PHI) in the medical records system.
The initial investigation determined that, at the time of the incident, the relevant files contained names, birthdates, demographic information, social security and Medicare numbers, and diagnosis information. While there is no indication the information accessed without authorization was misused for the purposes of identity theft, consumers are advised to remain vigilant against identity theft and fraud, review their account statements and explanation of benefits forms, and monitor credit reports for suspicious activity or errors.
Under U.S. Law, consumers are entitled to one free credit report annually from the county’s three major credit reporting bureaus by visiting annualcreditreport.com or calling, toll free, 1-877-322-8228. Consumers can also place an initial (one-year) or extended “fraud alert” or “credit freeze” on their credit file at no cost by contacting the credit bureaus listed below. A “credit freeze” prohibits credit bureaus from releasing credit report information without a consumer’s prior authorization to prevent credit, loans and other services from being approved without consent.