Posted On August 15, 2022 Consumer Privacy & Data Breaches
August 15, 2022 – Conifer Revenue Cycle Solutions, LLC (“Conifer”) reported a data breach after the company was targeted in a recent cybersecurity attack. As a result of the breach, the names, dates of birth, addresses, Social Security numbers, driver’s license numbers, medical and treatment information, health insurance information and billing information of certain individuals was compromised. On August 12, 2022, Conifer Revenue Cycle Solutions sent out data breach letters to those individuals whose information was affected by the breach.
Conifer utilized a data firm to investigate the breach and found that files that the unauthorized party accessed contained sensitive information pertaining to patients of multiple healthcare providers, specifically:
The data breach lawyers at Console & Associates, P.C. are going to begin interviewing victims of the breach to determine what damages they sustained and what legal claims may be available to them. If you recently received a NOTICE OF DATA BREACH from Conifer Revenue Cycle Solutions, LLC, contact us at (866) 778-5500 to discuss your legal options, or submit a confidential contact form for a free case evaluation.
Below is a portion of the letter that Conifer Revenue Cycle Solutions sent to individuals affected by the data breach:
We are writing to inform you of a data security incident that occurred at Conifer Revenue Cycle Solutions, LLC (“we” or “Conifer”) and has affected your personal information. Conifer provides revenue cycle management and other administrative services to healthcare providers, including [Redacted].
On April 14, 2022, we learned that an unauthorized third party gained access to a Microsoft Office 365-hosted business email account. Upon discovery, we immediately began an investigation, and engaged a leading security firm.
Based on the investigation, the unauthorized party was able to access the business email account at Conifer on January 20, 2022. This email account is separate from Conifer’s internal network and systems, which were not affected by this incident. Based on a detailed review conducted between June 13, 2022 and August 3, 2022, it was determined that your personal information associated with the healthcare provider listed above was in the impacted business email account.
Even though we conducted a thorough investigation, it was not possible to conclusively determine whether personal information was actually accessed by the unauthorized party. To date, we are not aware of any misuse of your data.
What information may have been involved?
Personal information involved in this incident may have included one or more of the following elements: (1) information to identify the individual (such as full name, date of birth, and address); (2) medical and/or treatment information (such as medical record number, dates of service, provider and facility, diagnosis or symptom information, and prescription/medication); (3) health insurance information (such as payor name and subscriber/Medicare/Medicaid number); and (4) billing and claims information. Your Social Security number, driver’s license number, and financial account information were not involved in this incident. Please note that not all data elements were involved for all individuals.
What we are doing.
Conifer takes privacy and security very seriously. In response to this incident, we immediately took action to block malicious IP addresses and URLs. In addition, the password for the impacted account was reset shortly after the unauthorized access. We have enhanced and continue to enhance our security controls and monitoring practices as appropriate to minimize the risk of any similar incident in the future, and we accelerated our implementation of multi-factor authentication for business email accounts within the environment.
What you can do.
The enclosed Reference Guide includes information on general steps you can take to monitor and protect your personal information. Although we are unaware of any actual or attempted misuse of patient information as a result of this incident, we encourage you to carefully review credit reports and statements sent from providers as well as your insurance company to ensure that all account activity is valid. Any questionable charges should be promptly reported to the company with which you maintain the account.
For more information
If you have any questions about this matter or would like additional information, please refer to the enclosed Reference Guide, visit [Redacted] or call toll-free 1-833-764-0238. This call center is open from 9 am – 9 pm Eastern Time, Monday through Friday, except holidays.
We sincerely regret that this incident occurred and apologize for any inconvenience this incident may have caused you.