Posted On February 16, 2022 Consumer Privacy & Data Breaches
Last year, healthcare information management company Ciox Health announced that it experienced a massive data breach after a single employee’s email account was hacked. While the exact number of patients whose information was compromised due to the data breach is not yet known, Ciox reports that information relating to more than 80 healthcare providers was leaked. The data breach lawyers at Console & Associates, P.C. are now investigating the Ciox breach to determine what, if any, legal remedies those affected by the breach may be able to pursue.
You may be surprised to learn that your information was compromised as a result of a cyberattack against a company you’ve never heard of. You are not alone.
Ciox Health is a healthcare information management company that helps doctors’ offices, practice groups, hospitals and other healthcare providers run various parts of their businesses. One of the business tasks that Ciox Health assists with is assembling and organizing patient data. In this capacity, Ciox works with and stores vast amounts of patient data. So, even though you never gave Ciox permission to handle your personal data, it obtained your data due to its relationship with your healthcare provider.
Although this breach was announced months ago, details related to its cause are still coming out. However, based on what Ciox has reported, the breach stemmed from an unauthorized party gaining access to an employee’s email account. The unauthorized party then had access to patient information contained in any emails or attachments. Ciox has not made clear how the unauthorized party gained access.
The employee whose email account was hacked worked in the customer service department. Therefore, they had access to patient information related to billing inquiries and customer service requests. Ciox notes that, while certain consumer information was compromised, “the Ciox employee whose email account was involved did not have direct access to any healthcare provider’s or facility’s electronic medical record system.”
One of the challenges for consumers when hearing about a data breach is determining what data of theirs was compromised. According to the most recent news release by Ciox, there appear to be two classes of affected parties. For the first—and larger—group of patients, their names, provider names, dates of birth and dates of service were accessible to the hacker through the employee’s email account. However, the company also notes that in certain “very limited instances,” the information may have included patients’ drivers’ license numbers, Social Security numbers, health insurance data and clinical or treatment data. Ciox has not yet revealed how many patients fall into each group; however, given the number of affected providers, there is reason to believe that the figure could be quite high.
The initial report from Ciox Health following the data breach explained that 32 healthcare providers were impacted by the data breach. However, the current list of affected providers on the Ciox website lists 83 unique providers. It is unclear when Ciox determined that the breach was of a larger scope than originally thought. Below is a list of providers that Ciox has provided notice of the breach:
There are laws in place that allow consumers whose information was leaked in a data breach to pursue a claim for financial compensation against a company that was in possession of their data. Of course, just because a data breach occurred and your information was compromised does not mean that the company was negligent or could have done anything to prevent the attack. However, in some cases, companies fail to update their network security systems or make other careless mistakes that open their systems up to a cyberattack. In these situations, a company may be liable through a data breach class action lawsuit.
Of course, given that the Ciox breach is still quite recent, it is still too early to tell if Ciox bears any legal responsibility for the breach. However, the consumer privacy and data breach lawyers at Console & Associates, P.C. are looking into the incident to determine affected parties’ potential remedies.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Ciox data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.