Posted On June 29, 2022 Consumer Privacy & Data Breaches
June 29, 2022 – Recently, Covenant Care California, LLC released additional information about a data breach, supplementing a notice the company previously sent out to affected parties on May 6, 2022. According to a “Notice of Data Event” posted on the company’s website, it is now confirmed that the breach involved the names, medical information, health insurance information, dates of birth, Social Security numbers, driver’s license numbers, and other personal information of certain patients.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Covenant Care data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Covenant Care California, LLC.
According to the most recent notice provided by Covenant Care, the details leading up to the breach changed significantly. On around April 24, 2022, management discovered that an employee at one of the Covenant Care facilities was experiencing unusual issues with her email account. In response, Covenant Care California secured the employee’s email account and launched an investigation to learn more about the incident.
Through this investigation, the company confirmed that the employee had responded to an email phishing attack, providing the unauthorized user with access to her email login credentials. Further, Covenant Care learned that additional employees’ accounts were also compromised. It remains unclear if these other employees also responded to the phishing email. The company reports that the unauthorized party had access to Covenant Care systems for a period of about two months, from February 24, 2022 to May 3, 2022.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Covenant Care California began reviewing the data in the email accounts to determine exactly what information was compromised. The company’s review is ongoing; however, it explained that the breached information varies depending on the individual and may include affected parties’ names, medical information, health insurance information, dates of birth, Social Security numbers, driver’s license numbers, and other personal information.
On June 24, 2022, Covenant Care California sent out data breach letters to additional parties who were impacted by this data security incident.
Covenant Care California, LLC is a provider of short- and long-term residential treatment based in Aliso Viejo, California. The company operates 30 skilled nursing facilities, assisted living facilities, rehabilitation centers, and residential care centers across California and Nevada. Currently, Covenant Care provides care for more than 4,000 residents and patients. Covenant Care’s rehabilitation facilities operate under the name AFFIRMA. The company provides home healthcare services under the names Focus Health, Elevate Home Health, Choice Home Health Care, and San Diego Home Health. Covenant Care California employs more than 8,000 people and generates approximately $1 billion in annual revenue.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Covenant Care data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by Covenant Care California, LLC (the actual notice sent to consumers can be found here):
Covenant Care California, LLC (“Covenant Care”) is providing notice related to a recent data incident. Covenant Care operates several nursing homes, residential care facilities, and home healthcare centers throughout California and Nevada, including Wagner Heights Nursing and Rehabilitation Center and Silver Hills Health Care Center. They also provide Rehabilitation Services through a company called AFFIRMA and Home Healthcare Services under the names Focus Health, Elevate Home Health, Choice Home Health Care, and San Diego Home Health. Covenant Care has certain personal information of patients who received services from a facility or agency operated by Covenant Care.
What Happened? On or around February 24, 2022, Covenant Care identified suspicious activity related to an employee email account. Covenant Care promptly took steps to secure the email account and to commence an investigation into the activity. Through the investigation to date, Covenant Care determined that unauthorized actor(s) gained access to certain employee email accounts at various times between February 24 and May 3, 2022. While Covenant Care’s investigation is ongoing, as part of the response to this incident, it is conducting a detailed review to determine what information was present in the relevant accounts at the time of unauthorized access and to whom those records relate. Covenant Care is notifying individuals as it identifies information, and this process is ongoing.
What Information Was Involved? The data present in the relevant email accounts varies by individual. Based on the investigation to date, Covenant Care determined that the information present in the email accounts primarily included medical information and health insurance information. For a small subset of individuals, the information may also include date of birth, Social Security number, driver’s license number, or other personal information.
What We Are Doing. Information security is one of Covenant Care’s highest priorities, and it has strict security measures in place to protect information. Covenant Care is currently reviewing technical, administrative, and physical safeguards to identify and implement any potential enhancements to its security measures, including installation of additional technical safeguards to email systems. Further, general privacy and security policies and procedures are being reviewed for potential enhancements, as well as policies and procedures specific to employee training on email security. Additional employee retraining is also being conducted regarding email safety and security awareness. Covenant Care is also notifying potentially affected individuals and providing them with information and resources to help protect their information.
What You Can Do. Covenant Care encourages individuals who are potentially affected to remain vigilant against incidents of identity theft and fraud by reviewing account statements, explanation of benefits, and monitoring free credit reports for suspicious activity and to detect errors. Please also review the information contained in the below “Steps Individuals Can Take To Help Protect Information.”
For More Information. We understand that individuals may have questions about this incident that are not addressed in this notice. If you have additional questions or concerns, please call our dedicated assistance line at 855-788-2390 (toll-free), which is available Monday through Friday, from 8:00 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays. Please know we take this incident very seriously and sincerely regret any inconvenience or concern it may cause you.