Posted On December 14, 2022 Consumer Privacy & Data Breaches
December 14, 2022 – Avem Health Partners filed notice of a data breach with the Attorney General of Texas after learning that confidential consumer information was leaked following a cybersecurity incident at 365 Data Centers, 365 Data Centers, a vendor used by a third-party services provider engaged by Avem. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to patients’ names, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, and diagnosis and treatment information. After confirming that consumer data was leaked, Avem began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Avem data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Avem Health Partners.
Avem Health Partners, which provides administrative and technology services to healthcare organizations, outsources certain services to various other companies. One of these companies, in turn, uses the services of 365 Data Centers. Essentially, 365 data Centers performs certain services on behalf of one of the third-party vendors used by Avem.
The available information regarding the Avem Health Partners breach comes from the company’s filing with the Attorney General of Texas as well as a notice posted on the Avem website. Based on the available information, Avem was recently informed of a data security incident at 365 Data Centers.
On September 9, 2022, Avem notified the healthcare organizations that it serves about the data breach at 365 Data Centers. According to the investigation conducted by 365 Data Centers, an unauthorized party was able to access 365 Data Centers’ computer system at some point prior to May 14, 2022. Based on the information passed on to Avem, it appeared that the compromised files may have contained sensitive information belonging to certain patients of healthcare providers that used Avem’s services.
Upon discovering that sensitive patient data was made available to an unauthorized party, Avem Health Partners began to review the affected files to determine what information was compromised and which consumers were impacted. Avem completed this process on October 6, 2022. While the breached information varies depending on the individual, it may include your name, date of birth, Social Security number, driver’s license number, health insurance information, and diagnosis and treatment information.
On December 14, 2022, Avem Health Partners sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Avem Health Partners (formerly First Physicians Capital Group) is a hospital management company based in Oklahoma City, Oklahoma. The company specializes in providing financial, technology, management, and capital solutions to hospitals in rural markets. Through its services, it helps hospitals to improve reimbursement from payers, reduce bad debt exposure, retain qualified employees, provide specialized management services, and preserve quality healthcare services for the local community. Avem Health Partners employs more than 95 people and generates approximately $17 million in annual revenue.
365 Data Centers is a business services company based in Norwalk, Connecticut. The company is a network centric colocation provider, operating 20 carrier-neutral data centers, and provides a range of services to its corporate clients, including edge colocation, nationwide network connectivity, cloud compute and storage, DraaS (disaster recovery as a service), BaaS (banking as a service), and business continuity services. 365 Data Centers employs more than 130 people and generates approximately $21 million in annual revenue.
The Avem Health Partners / 365 Data Centers breach resulted in an array of patient data being leaked, including patients’ health insurance information, and diagnosis and treatment information. Although the company didn’t use the term in its data breach letter, this information is considered “protected health information.”
In recent years, hackers have focused their efforts on targeting healthcare providers as well as related companies that perform certain services for the providers. In fact, in 2022 alone, more than 2.5 million patients have had their information leaked. As cybercriminals and other bad actors continue to focus their efforts on obtaining patients’ protected health information, it is important for victims of a healthcare data breach to understand what is at risk and what their options are.
The first step to protecting yourself is to answer the question, “what is protected health information?” Protected health information, or PHI, is demographic information, test and laboratory results, medical history information, insurance information, mental health information or any other data that healthcare providers collect during the course of a patient’s treatment.
The collection and use of protected health information is controlled by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). However, under HIPAA, not all healthcare-related information is considered “protected”—it is only when the leaked data also contains an identifier that it is considered PHI. This is because, without an identifier, there is no way for anyone to connect data back to a specific patient.
There are 18 different identifiers outlined in HIPAA, including a patient’s:
Of course, your health is very personal, as is any related healthcare information. And, based on this reason alone, healthcare data breaches are concerning. However, aside from an invasion of privacy, these incidents also put you at risk of experiencing financial—and even physical—harm.
In the worst-case scenario, hackers who obtain a patient’s protected health information sell the information on the dark web to another person who is looking to receive medical care without paying for it. Once they purchase your information, they steal your identity, going to the doctor’s office pretending to be you. This not only leaves you responsible for the “fake patient’s” medical bills, but it can also lead to misleading and incorrect information being added to your medical records. For example, when the doctor asks the “fake patient” about their current list of medications or past medical condition, they will provide their own information to ensure they receive the appropriate treatment.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Avem data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the notice posted on the Avem Health Partners website (a link to the actual notice can be found here):
Dear [Redacted],
Avem Health Partners was notified of a data security incident experienced by 365 Data Centers, a vendor used by a third-party services provider engaged by Avem.
Avem provides administrative and technology services to healthcare organizations. On September 9, 2022, Avem notified these healthcare organizations about a data security incident experienced by 365 Data Centers that may have resulted in unauthorized access to some patient information. According to 365 Data Centers, on May 16, 2022, they determined that information stored on their servers may have been subject to unauthorized access prior to May 14, 2022.
Subsequently, Avem conducted a review of the Avem files that were stored on the 365 Data Centers server. Based on this review, which was completed on October 6, 2022, Avem determined that the files contained patient information, including patient names, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, and diagnosis and treatment information.
Avem will soon begin mailing letters to patients whose information may have been involved in the incident. Individuals whose Social Security numbers or driver’s license numbers may have been involved in the incident will be offered complimentary credit monitoring and identity theft protection services. We have also established a dedicated, toll-free call center to answer questions that patients may have. If patients have questions, they should call 1-866-984-0515, Monday through Friday, between 8:00 a.m. and 6:00 p.m., Central Time. We recommend that patients whose information may have been involved in this incident review the statements they receive from their healthcare providers. If they see any services that were not received, they should contact the provider immediately.
We regret any concern or inconvenience this incident may cause. Avem is in the process of examining its vendor relationships and evaluating vendors’ security measures.
