Posted On November 16, 2022 Consumer Privacy & Data Breaches
On October 31, 2022, Gateway Ambulatory Surgery Center filed notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after an unauthorized person used an email phishing attack to gain access to the company’s computer network. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to patients’ names, Social Security numbers, driver’s license numbers, health benefit enrollment information, health insurance information, medical history, patient account numbers, and dates of service. After confirming that patient data was leaked, Gateway began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Gateway data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Gateway Ambulatory Surgery Center.
The available information regarding the Gateway Surgery Center breach comes from the U.S. Department of Health and Human Services Office for Civil Rights data breach portal, as well as a notice posted on the company’s website. According to these sources, on April 6, 2022, Gateway Surgical Center learned that it had been the target of what appeared to be a cyberattack that affected two employee email accounts. In response, the company launched an investigation, promptly confirming the unauthorized access.
Once Gateway confirmed it was the victim of a cyberattack, management secured all computer systems, reset passwords, and then began working with a third-party data security firm to assist with the company’s investigation. This investigation revealed that the unauthorized party or parties first gained access to two employee email accounts on February 14, 2022, and that they continued to have access until May 10, 2022—almost a month after Gateway learned of the incident. The Gateway investigation also revealed that information belonging to certain patients was accessible through the compromised email accounts.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Gateway Surgery Center began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, driver’s license number, health benefit enrollment information, health insurance information, medical history, patient account number, and dates of service. It was not until September 1, 2022, that Gateway determined the source of the breach was an email phishing attack.
On October 31, 2022, Gateway Surgery Center sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Gateway Ambulatory Surgery Center is an outpatient surgery center located in Concord, North Carolina. The practice performs a range of outpatient surgeries, including those related to podiatry, gynecology, orthopedics, urology, pain management, cataracts and more. Gateway has a staff of more than 60 physicians. Gateway Surgery Center employs more than 71 people and generates between $5 and $25 million in annual revenue.
In its letter to victims of the breach, Gateway Ambulatory Surgery Center provided some details regarding the recent breach. For example, the company explained that the incident resulted from an unauthorized actor gaining access to an employee email account through an email phishing attack. While the manner in which hackers obtained your information may not seem important after the fact, it is part of the inquiry when assessing the strength of any potential data breach lawsuit you may have against the company.
Phishing attacks involve a hacker sending a seemingly legitimate email to an employee of an organization in hopes of getting the employee to provide the hacker with information. Most often, hackers seek login credentials or other data that can be used to access the organization’s IT network. To accomplish this, hackers rely on principles of social engineering to trick an employee into giving them the information they are looking for.
For several years now, phishing attacks have been the most common type of cyberattack. For example, according to the Identity Theft Resource Center (“ITRC”), there were over 320 phishing attacks in 2021. This amounts to one in three cyberattacks for the year. Another report from 2021 indicates that employees in the United States get an average of 14 phishing emails per year.
Why are phishing attacks so common? One reason is that they are incredibly successful. While it may seem as though it would be easy to detect a fraudulent email, that is not necessarily the case. Phishing emails are well-designed and appear to come from trusted sources. In fact, 86% of companies reported having at least one employee who clicked a phishing link in 2021.
While, in some sense, a company is a victim of a phishing attack, consumers whose information ends up in the hands of criminals are the real victims. For example, the data hackers obtain through an email phishing campaign can be used to commit fraud or identity theft against victims of the breach.
Given the frequency with which these attacks occur, it would be almost impossible for a business to be unaware of the threat phishing attacks pose. Thus, it is essential that they take the appropriate steps to educate employees about phishing risks and the steps they can take to prevent a successful attack.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Gateway data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
