Posted On September 13, 2022 Consumer Privacy & Data Breaches
September 13, 2022 – Henderson & Walton Women’s Center, P.C. reported a data breach after the company was targeted in a recent cybersecurity attack. As a result of the breach, the date of birth; social security number; medical information; health insurance information; driver’s license or state ID number of certain individuals was compromised. The Henderson & Walton Women’s Center, P.C. data breach is believed to have impacted as many as 34,306 individuals. On August 18th, 2022, Henderson & Walton Women’s Center, P.C. sent out data breach letters to those individuals whose information was affected by the breach.
The data breach lawyers at Console & Associates, P.C. are going to begin interviewing victims of the breach to determine what damages they sustained and what legal claims may be available to them. If you recently received a NOTICE OF DATA BREACH from Henderson & Walton Women’s Center, P.C., contact us at (866) 778-5500 to discuss your legal options, or submit a confidential contact form for a free case evaluation.
Below is a portion of the letter that Henderson & Walton Women’s Center, P.C. sent to individuals affected by the data breach:
Dear [Redacted],
Henderson & Walton Women’s Center, P.C. (“HWWC”) recently discovered a cybersecurity breach occurred when one HWWC employee’s email account was hacked. Upon discovery of the incident, HWWC immediately conducted an investigation and implemented additional security measures which remain in place.
All HWWC email sent internally is encrypted. The hackers did not have access to HWWC’s server or other data storage facilities. Nevertheless, because the hackers gained access to the email account, it was necessary to investigate whether they were able to view emails and attachments contained in it.
HWWC immediately engaged a computer forensic-investigation expert to determine the extent of the hackers’ access to information. The forensic investigators conducted a thorough review of both the nature of the cyberattack and the contents of the email account in an effort to determine which patients’ personal information may have been accessible to the hackers. This lengthy process concluded on or about June 24, 2022.
This letter is being posted on HWWC’s website to provide notice to all patients, and particularly those who were affected but who did not receive a letter in the mail, that some patients’ personal information was contained within the email account. Not all affected patients had the same set of personal information contained within the email account, but the breach involved one or more of the following types of information relating to each affected patient: date of birth; social security number; medical information; health insurance information; driver’s license or state ID number.
In response to this incident, HWWC has implemented additional security measures to protect its system, including implementing additional security and privacy policies after the incident. In particular, along with additional security for its encrypted email system, HWWC has implemented a new system for emails containing personal information, automatically deleting such information after three (3) days. HWWC is also working toward establishing a system to eliminate the sharing of any personal information via email at all.
Due to the nature of the information potentially compromised, and because we value your privacy and trust, we are providing affected patients with one year of credit monitoring service at no charge. Representatives are available for 90 days from the date of this letter, to assist patients with questions regarding this incident, between the hours of 7:00 am to 7:00 pm Central time, Monday through Friday. If you did not receive a letter in the mail, please call the help line 1-844-548-0235 and supply the fraud specialist with your first and last name to learn more.
We take your privacy seriously and we regret this cybersecurity incident. We apologize for any inconvenience caused.
