Posted On December 1, 2022 Consumer Privacy & Data Breaches
On November 23, 2022, Dallam Hartley Counties Hospital District filed notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company detected a data security threat that compromised patients’ sensitive information. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to patients’ names, Social Security numbers, health insurance information, demographic information, and medical information. After confirming that consumer data was leaked, DHCHD began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the DHCHD data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Dallam Hartley Counties Hospital District.
The available information regarding the Dallam Hartley Counties Hospital District breach comes from the company’s filing with the U.S. Department of Health and Human Services Office for Civil Rights. DHCHD also posted a “Notice of Data Incident” on its website. According to these sources, on September 28, 2022, Dallam Hartley Counties Hospital District first learned of a potential data security incident that impacted some of the organization’s computer servers. In response, DHCHD took measures to contain the incident, reported the breach to law enforcement, and then launched an investigation with the assistance of a third-party forensic firm that specializes in cybersecurity matters.
As a result of the DHCHD investigation, it was confirmed that an unauthorized party was able to access certain portions of the organization’s computer network between September 27, 2022 and September 28, 2022. It was also determined that the unauthorized actor removed a subset of the files, some of which contained confidential patient information.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Dallam Hartley Counties Hospital District began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, health insurance information, demographic information, and medical information.
On November 23, 2022, Dallam Hartley Counties Hospital District sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Dallam Hartley Counties Hospital District is a healthcare organization based in Dalhart, Texas. DHCHD operates several hospitals and other medical providers in the area, including Coon Memorial Hospital, Dalhart Physical Therapy and Sports Medicine, Dalhart Family Medicine Clinic, Coon Memorial Home Health & Hospice, High Country Community Rural Health Clinic, Legacy Assisted Living, and Coon Memorial Nursing Home. Dallam Hartley Counties Hospital District employs more than 223 people and generates approximately $23 million in annual revenue.
Data breaches, especially those in the healthcare context, can result in victims being forced to spend countless hours—and thousands of dollars—fixing the damage caused by identity theft or other frauds. However, in certain circumstances, patients can hold a healthcare provider liable following a data breach by filing a data breach lawsuit. Of course, the mere fact that a breach occurred does not automatically mean that a provider is on the hook for any damages you sustained. As a general rule, any organization is only financially responsible for a breach if it was the result of the organization’s negligence.
In the data breach context, establishing an organization was negligent requires a patient to prove,
In most cases, the first element of the negligence analysis doesn’t raise much of a hurdle, as it’s commonly understood that healthcare providers have an obligation to protect sensitive patient information. This is especially the case with “protected healthcare information,” as defined by HIPAA. However, determining that a provider’s negligence was the cause of or a contributing factor to a breach can be much more challenging.
Of course, data breaches are criminal acts carried out by third parties. And clearly, no healthcare provider intends to leak patient information. However, just because a criminal actor carried out the attack doesn’t mean that a provider is not liable for victims’ harms. This is because all organizations have a legal duty to protect the data in their possession by implementing an adequate data security system. And whether an organization has a data-security system isn’t necessarily the end of the inquiry because the adequacy of a system can be called into question. For example, healthcare providers especially should conduct regular training about the risks of email phishing attacks to help prevent employees from providing their login credentials to hackers. Companies should also ensure that they respond appropriately to any potential unauthorized access, thus limiting a hacker’s opportunity to remove files from the company’s network.
Given the complexities that arise with these cases, victims of a healthcare data breach should reach out to a dedicated data breach lawyer for assistance.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the DHCHD data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by Dallam Hartley Counties Hospital District (the actual notice sent to consumers can be found here):
Dear [Redacted],
Today, Dallam Hartley Counties Hospital District (DHCHD) announced that it mailed letters to patients following a cybersecurity incident.
On September 28, 2022, DHCHD identified a cybersecurity incident affecting some of its computer systems. DHCHD immediately began an investigation with a third-party forensic firm, took measures to contain the incident, and reported the incident to law enforcement. DHCHD’s investigation determined that an unauthorized actor gained access to its network on September 27, 2022, and was able to acquire a subset of files between September 27, 2022 and September 28, 2022. These files contained patient names, Social Security numbers, health insurance information, demographic information, and limited medical information. DHCHD’s electronic medical record application was not accessed during this incident.
On November 23, 2022, DHCHD mailed letters to affected patients and opened a dedicated, toll-free call center to answer questions about this incident. DHCHD is offering complimentary credit monitoring and identity theft protection services to affected patients. To help prevent something like this from happening again, DHCHD is enhancing the security of its systems.
DHCHD values the trust of its community and regrets any concern this incident may cause. Patients with questions may contact a toll-free dedicated, external call center available at 1-877-511-0012 Monday through Friday, 7:00 a.m. to 7:00 p.m., Central Time, except for on major U.S. holidays.
