Posted On September 28, 2022 Consumer Privacy & Data Breaches
On September 23, 2022, FMC Services, LLC (“FMC”) reported a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company was the target of a recent cyberattack. Based on an official filing from the company, the incident resulted in an unauthorized party gaining access to the following data types: names, mailing addresses, dates of birth, Social Security numbers, and protected health information. After confirming that consumer data was leaked, FMC began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the FMC data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from FMC Services, LLC.
News of the FMC data breach comes from the company’s official filing with the U.S. Department of Health and Human Services Office for Civil Rights, as well as a notice posted on the FMC website. According to these sources, on July 26, 2022, FMC Services learned that it had been the target of a cyberattack. More specifically, management was informed that hackers had “attempted to infiltrate” FMC’s computer system and demanded a ransom.
In response, the company secured its systems, stopped all unauthorized access, and began working with an independent cybersecurity firm to investigate the incident. This investigation confirmed that the hackers were able to access certain files contained on the FMC network and that these files contained sensitive information belonging to some patients.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, FMC Services then reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, mailing address, date of birth, Social Security number, and protected health information.
On September 23, 2022, FMC Services sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. According to FMC Service’s filing with the U.S. Department of Health and Human Services Office for Civil Rights, 233,948 people were impacted by the breach.
FMC Services, LLC is a healthcare services company based in Amarillo, Texas. The company operates a number of clinics throughout the area, including FMC of Canyon, FMC of Coulter, FMC of Georgia, FMC 34th & Coulter, and CareXpress Urgent Care. FMC Services has a team of over 75 doctors spread across the company’s five locations.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the FMC data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by FMC Services, LLC (the actual notice sent to consumers can be found here):
FMC Services, LLC (“FMC”) operates a network of primary care medical clinics throughout Texas. We are writing to inform you about a data security incident that may have exposed some of the decedent’s personal information. We take the security of patient information very seriously, and want to provide you with information and resources you can use to help protect the decedent’s information.
On July 26, 2022, FMC detected that it was the target of a cybersecurity attack. An unauthorized third party attempted to infiltrate FMC’s computer network, and demand a ransom payment. Upon detecting this incident, we moved quickly to secure our network environment and launched a thorough investigation. The investigation was performed with the help of independent IT security and forensic investigators to determine the scope and extent of the potential unauthorized access to our systems and any sensitive information.
What information was involved?
After the comprehensive forensic investigation into this incident concluded, we discovered that the decedent’s name, mailing address, date of birth, Social Security number, and/or health information may have been exposed to the unauthorized party during the network compromise. We have had no reports of related identity theft as a result of this incident.
What we are doing.
We take the security of all information in our control very seriously. Given this, we are taking steps to prevent a similar event from occurring in the future by implementing additional safeguards and enhanced security measures to better protect the privacy and security of information in our systems. We have also reviewed and taken steps to enhance our policies and procedures relating to the security of our systems and servers, as well as our information life cycle management.
What you can do.
Please review the enclosed “Additional Resources” section included with this letter. This section describes additional steps you can take to help protect the decedent, including recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on the decedent’s credit file.
For more information.
If you have questions, please call (855) 926-0837 Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays. Please have the decedent’s membership number ready. Protecting patient information is important to us. We trust that this notification helps to demonstrate our continued commitment to patient security and satisfaction.