$100 Million awarded Since 1994 6,000 Satisfied Clients

Posted On February 16, 2022 Consumer Privacy & Data Breaches

Ciox Data Breach Affects More than 80 Healthcare Providers and an Unknown Number of Patients

Data Breach AlertLast year, healthcare information management company Ciox Health announced that it experienced a massive data breach after a single employee’s email account was hacked. While the exact number of patients whose information was compromised due to the data breach is not yet known, Ciox reports that information relating to more than 80 healthcare providers was leaked. The data breach lawyers at Console & Associates, P.C. are now investigating the Ciox breach to determine what, if any, legal remedies those affected by the breach may be able to pursue.

How Did Ciox Health Acquire Your Information?

You may be surprised to learn that your information was compromised as a result of a cyberattack against a company you’ve never heard of. You are not alone.

Ciox Health is a healthcare information management company that helps doctors’ offices, practice groups, hospitals and other healthcare providers run various parts of their businesses. One of the business tasks that Ciox Health assists with is assembling and organizing patient data. In this capacity, Ciox works with and stores vast amounts of patient data. So, even though you never gave Ciox permission to handle your personal data, it obtained your data due to its relationship with your healthcare provider.

What Caused the Ciox Data Breach?

Although this breach was announced months ago, details related to its cause are still coming out. However, based on what Ciox has reported, the breach stemmed from an unauthorized party gaining access to an employee’s email account. The unauthorized party then had access to patient information contained in any emails or attachments. Ciox has not made clear how the unauthorized party gained access.

The employee whose email account was hacked worked in the customer service department. Therefore, they had access to patient information related to billing inquiries and customer service requests. Ciox notes that, while certain consumer information was compromised, “the Ciox employee whose email account was involved did not have direct access to any healthcare provider’s or facility’s electronic medical record system.”

What Information Was Leaked in the Ciox Data Breach?

One of the challenges for consumers when hearing about a data breach is determining what data of theirs was compromised. According to the most recent news release by Ciox, there appear to be two classes of affected parties. For the first—and larger—group of patients, their names, provider names, dates of birth and dates of service were accessible to the hacker through the employee’s email account. However, the company also notes that in certain “very limited instances,” the information may have included patients’ drivers’ license numbers, Social Security numbers, health insurance data and clinical or treatment data. Ciox has not yet revealed how many patients fall into each group; however, given the number of affected providers, there is reason to believe that the figure could be quite high.

Who Was Impacted by the Recent Ciox Health Breach?

The initial report from Ciox Health following the data breach explained that 32 healthcare providers were impacted by the data breach. However, the current list of affected providers on the Ciox website lists 83 unique providers. It is unclear when Ciox determined that the breach was of a larger scope than originally thought. Below is a list of providers that Ciox has provided notice of the breach:

  • Women’s Health Specialist
  • Winn-Dixie
  • Washington University School of Medicine
  • Walmart Inc.
  • Vantage Point
  • Vanderbilt University Medical Center
  • UPMC
  • Union Hospital Healthcare System
  • Trinity Health – St. Joseph Mercy Health System
  • Trinity Health – St. Francis Medical Center
  • Trinity Health – Saint Alphonsus Health System
  • Trinity Health – Mount Carmel Health System
  • Trinity Health – Holy Cross Hospital
  • Tower Health (multiple Affiliated Covered Entities)
  • The University of Toledo Medical Center
  • Temple Physician Inc.
  • Sentara Healthcare
  • Sarasota County Public Hospital District d/b/a Sarasota Memorial Health Care System
  • Rochester Regional Health
  • Reedsburg Area Medical Center
  • Redeemer Health
  • Quorum Health and its subsidiaries
  • Prisma Health – Palmetto Health
  • Prisma Health – Greenville Health System
  • Presence United Samaritans Medical Center
  • Presence Medical Group
  • Presence Covenant Medical Center
  • Piedmont Healthcare
  • Phoebe Putney Health System, Inc.
  • OU Medicine, Inc.
  • OSF HealthCare System
  • OrthoConnecticut
  • Orlando Orthopedic Center
  • Optum, Inc.
  • Ohio State University Health System
  • Northwestern Medicine
  • Northern Light Mercy Hospital
  • Niagara Falls Memorial Medical Center Health System
  • Morrilton Medical Clinic
  • MD Partners
  • McLeod Health System
  • Indiana University Health
  • Huntsville Hospital Health System
  • Hospital Sisters Health System
  • Hoag Health System
  • Fort Wayne Orthopedics
  • Florida Medical Clinic, LLC
  • Essentia Health
  • Erie County Medical Center Corporation
  • Einstein Healthcare Network
  • DeSoto Memorial Hospital Health System
  • Copley Hospital
  • Cook County Health
  • Coastal Family Health Center
  • Christus Health
  • Children’s Healthcare of Atlanta
  • Centra Health
  • Cameron Memorial Community Hospital
  • Butler Health Systems
  • Burrell Behavioral Health
  • BJC HealthCare
  • Baptist Memorial Health Care
  • Ascension (multiple facilities)
  • Arizona Community Surgeons, PC, dba Arizona Community Specialists
  • AMITA Health St. Mary’s Hospital Kankakee
  • AMITA Health St. Alexius Medical Center Hoffman Estates
  • AMITA Health Saints Mary and Elizabeth Medical Center Chicago
  • AMITA Health Saint Joseph Medical Center Joliet
  • AMITA Health Saint Joseph Hospital Elgin
  • AMITA Health Saint Joseph Hospital Chicago
  • AMITA Health Saint Francis Hospital Evanston
  • AMITA Health Resurrection Medical Center Chicago
  • AMITA Health Mercy Medical Center Aurora
  • AMITA Health Holy Family Medical Center Des Plaines
  • AMITA Health Alexian Brothers Medical Center Elk Grove Village
  • AMITA Health Alexian Brothers Behavioral Health Hospital Hoffman Estates
  • AMITA Health Adventist Medical Center La Grange
  • AMITA Health Adventist Medical Center Hinsdale
  • AMITA Health Adventist Medical Center GlenOaks
  • AMITA Health Adventist Medical Center Bolingbrook
  • Alexian Brothers Medical Group
  • Alabama Orthopedic Specialists
  • AdventHealth (multiple facilities)

Can You Sue Ciox in the Wake of the Data Breach?

There are laws in place that allow consumers whose information was leaked in a data breach to pursue a claim for financial compensation against a company that was in possession of their data. Of course, just because a data breach occurred and your information was compromised does not mean that the company was negligent or could have done anything to prevent the attack. However, in some cases, companies fail to update their network security systems or make other careless mistakes that open their systems up to a cyberattack. In these situations, a company may be liable through a data breach class action lawsuit.

Of course, given that the Ciox breach is still quite recent, it is still too early to tell if Ciox bears any legal responsibility for the breach. However, the consumer privacy and data breach lawyers at Console & Associates, P.C. are looking into the incident to determine affected parties’ potential remedies.

If You Have Questions About Your Rights Following the Ciox Health Data Breach, Console & Associates, P.C. Can Help

At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Ciox data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.