Posted On August 31, 2022 Consumer Privacy & Data Breaches
August 31, 2022 – CorrectHealth reported a data breach after the company was targeted in a recent cybersecurity attack. As a result of the breach, the names, addresses, Social Security numbers, Driver’s License numbers, passport numbers, financial account information, and limited medical information of certain individuals was compromised. The CorrectHealth data breach is believed to have impacted as many as 54,066 individuals. On August 25, 2022, CorrectHealth sent out data breach letters to those individuals whose information was affected by the breach.
The data breach lawyers at Console & Associates, P.C. are going to begin interviewing victims of the breach to determine what damages they sustained and what legal claims may be available to them. If you recently received a NOTICE OF DATA BREACH from CorrectHealth, contact us at (866) 778-5500 to discuss your legal options, or submit a confidential contact form for a free case evaluation.
Below is a portion of the letter that CorrectHealth sent to individuals affected by the data breach:
Dear [Redacted],
CorrectHealth (“CH”) is writing to inform you of a data security incident that resulted in unauthorized access to your sensitive personal information. While we have not received any reports of related identity theft since the date of the incident, we are providing you with details about the incident, steps we are taking in response, and resources available to help you protect against the potential misuse of your information.
What Happened?
On November 10, 2021, CH discovered an unauthorized user potentially had access to CH employee email accounts. Upon detection of this incident, CH promptly engaged a specialized third-party forensic firm and conducted a forensic investigation to determine the nature and scope of the incident. The investigation, which concluded on January 28, 2022, found that information related to you may have been affected by this incident. CH immediately began a thorough review of their systems, and from March to July, 2022, engaged a third party to analyze the specific files that were compromised during this data security incident in order to determine the specific information disclosed and to identify the potentially impacted individuals.
What Information Was Involved?
Although CH has not received any reports of related identity theft since the date of the incident, we are notifying you out of an abundance of caution and for purposes of full transparency. Based on the investigation, the following information related to you may have been subject to unauthorized access: name, [Redacted].
What We Are Doing
Since the discovery of the incident, CH moved quickly to investigate, respond, and confirm the security of the information in our control. Further, CH took steps and will continue to take steps to mitigate the risk of future harm. Specifically, CH cooperated with the FBI as part of a larger investigation into the threat group responsible, issued a company-wide password reset for all employees, employed an advanced phishing service for CH’s email tenant, began putting disclaimers on all externally received emails, implemented Multi-Factor Authentication for all administrative staff, began rolling out a Single Sign On solution for clinical staff, and effected weekly data security and monthly simulated phishing training for all employees.
In response to the incident, we are providing you with access to the following services:
We are offering identity theft protection services through IDX, the data breach and recovery services expert. IDX identity protection services include: [Redacted] months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed id theft recovery services. With this protection, IDX will help you resolve issues if your identity is compromised.
What You Can Do
We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious or unauthorized activity. Additionally, security experts suggest that you contact your financial institution and all major credit bureaus to inform them of such a breach and then take whatever steps are recommended to protect your interests, including the possible placement of a fraud alert on your credit file. Please review the enclosed Additional Steps You Can Take to Help Protect Your Information, to learn more about how to protect against the possibility of information misuse.
You may also activate the credit monitoring services we are making available to you.
We encourage you to contact IDX with any questions and to enroll in the free identity protection services by calling 1-833-764-2930 or going to [Redacted] and using the Enrollment Code provided above. IDX representatives are available Monday through Friday from 9 am – 9 pm Eastern Time. Please note the deadline to enroll is November 25, 2022. Again, at this time, there is no evidence that your information has been misused. However, we encourage you to take full advantage of this service offering. IDX representatives have been fully versed on the incident and can answer questions or concerns you may have regarding protection of your personal information.
Other Important Information
We recognize that you may have questions not addressed in this letter. If you have additional questions, please call 1-833-764-2930 or go to [Redacted] for assistance or for any additional questions you may have. You will find detailed instructions for enrollment on the enclosed Recommended Steps document. Also, you will need to reference the enrollment code at the top of this letter when calling or enrolling online, so please do not discard this letter.
CH sincerely regrets any inconvenience or concern that this matter may cause, and remains dedicated to ensuring the privacy and security of all information in our control.
