Posted On October 24, 2022 Consumer Privacy & Data Breaches
On October 11, 2022, Choice Health Insurance, LLC filed notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company experienced a data breach involving sensitive consumer information. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ first and last names; Social Security numbers; Medicare beneficiary identification numbers; dates of birth; addresses and contact information; and health insurance information. After confirming that consumer data was leaked, Choice Health began sending out data breach notification letters to all individuals who were impacted by the recent data security incident. According to the most recent estimates, the Choice Health data breach impacted 32,064 individuals across the country.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Choice Health data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Choice Health Insurance, LLC.
The available information regarding the Choice Health Insurance breach comes from the company’s filing with the U.S. Department of Health and Human Services Office for Civil Rights. According to this source, on May 14, 2022, Choice Health learned that someone was offering Choice Health customer data for sale online. In response, the company launched an investigation. The company’s investigation confirmed that an unauthorized party was able to gain access to a Choice Health server on May 7, 2022, and that they had access to the server until May 14, 2022, when the company discovered the intrusion.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Choice Health Insurance began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your first and last name; Social Security number; Medicare beneficiary identification number; date of birth; address and contact information; and health insurance information.
On October 11, 2022, Choice Health Insurance sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Choice Health Insurance is an insurance company based in Myrtle Beach, South Carolina. Choice Health is an independent broker and offers insurance products through various insurance providers, such as those offered by Humana, WellCare Health Plans, Anthem BlueCross BlueShield, Mutual of Omaha, United Healthcare, Cigna and Aetna. Choice Health also sells health insurance plans through healthcare.gov. Choice Health Insurance currently employs more than 130 individuals and generates approximately $33 million in annual sales.
Based on the company’s HHS OCR filing, We know that the Choice Health data breach affected sensitive patient information, including patients’ names, addresses, birth dates, Social Security numbers, and health insurance information. Given the information provided, it appears that the data compromised as a result of the recent breach falls within the definition of PHI under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
Protected health information is defined as any identifying healthcare data that relates to a patient’s past or current health condition or how a patient pays or plans to pay for their healthcare. Doctors collect and use PHI to determine the appropriate treatment for patients, as well as for billing purposes. For example, lab tests, MRI results, insurance claim information, or a list of a patient’s current medications may all be protected health information; however, healthcare-related data is not always considered protected.
Under HIPAA, healthcare-related data is considered protected when it contains one or more identifiers. This is because if test results were leaked but did not contain an identifier, there would be no way for anyone to connect those results to the patient, and the data would not be considered PHI. Common identifiers include patients’ names, email addresses, physical addresses, photographs, fingerprints, or Social Security numbers.
From a patient’s perspective, the fact that data is considered PHI means that anyone who possesses the information will be able to carry out healthcare identity fraud. Healthcare identity theft is similar to other types of identity theft in that it involves an unauthorized party (i.e., criminal) fraudulently using another’s data for their own benefit. However, healthcare ID fraud is not only much more difficult to resolve than other types of identity theft, but it can also put your physical health at risk. For example, cybercriminals will often sell stolen protected health information on the dark web. The person who buys the data likely does so for the very purpose of obtaining medical care in your name. Then, pretending to be you, the fake patient goes to the doctor to receive treatment, giving the provider your insurance information. When the doctor asks the “patient” pertinent questions about their medical history, symptoms, etc., they provide the doctor with their own information to ensure they receive the appropriate treatment. This can result in a situation where your medical record contains inaccurate information when you go to the doctor for treatment.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Choice Health data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.