Posted On February 4, 2022 Consumer Privacy & Data Breaches
February 4, 2022 – In recent news, Medsurant Holdings, LLC revealed that the company experienced a data breach involving the sensitive information of more than 45,000 patients. On November 29, 2021, the company sent data breach notification letters to all affected patients, informing them that the cybersecurity event resulted in an unauthorized third party potentially accessing their sensitive information, including their full name, address, diagnosis/conditions, date of birth, claims information, and Social Security number.
A data breach is a cybersecurity event in which an unauthorized party gains access to sensitive consumer information. Often, hackers and other bad actors target companies that have weak data security measures in place. By definition, data breaches put sensitive consumer information in the hands of unknown third parties. Parties orchestrating a cyberattack may use the information obtained through a data breach to commit identity theft or for other criminal purposes. While it’s common for the victim of a data breach not to notice anything wrong with their accounts at first, it is essential that consumers give the situation the seriousness it deserves, as data breaches often lead to significant financial losses.
Anyone in receipt of a Medsurant Holdings, LLC data breach letter has reason to be concerned. Too often, consumers disregard data security event notifications because they have yet to see any signs of unauthorized activity on their accounts. However, since the beginning of the COVID-19 pandemic in early 2020, the rate of identity theft crimes has increased dramatically. In many of these cases, the information used to commit identity theft was obtained through a data breach.
If you recently received a data breach letter from Medsurant Holdings, LLC, it is imperative that you take the necessary steps to protect yourself. Additionally, you may also be eligible for financial compensation through a data breach lawsuit if evidence emerges that Medsurant Holdings, LLC mishandled your data leading up to the breach.
When you entrusted Medsurant Holdings, LLC with your personal information, you hoped that the company would take your privacy seriously. And you certainly assumed that Medsurant Holdings would take whatever steps were necessary to prevent your private information from ending up in the hands of a criminal. However, given the recently announced breach, it raises questions about the data-security measures the company had in place at the time of the cyberattack.
Companies like Medsurant Holdings, LLC have an ethical and legal obligation to protect consumers’ personal, identifying, financial and health information. While this requires companies to devote time and money to develop adequate security measures, these expenses are merely the costs of doing business in a society where cyberattacks are common. If a business or organization mishandles or otherwise fails to protect consumers’ sensitive information, it may be liable through a data breach class action lawsuit. However, data breach laws are complex, and the investigation into the breach is ongoing. However, our data breach law firm is currently investigating whether there is a possible class action data breach lawsuit against Medsurant Holdings, LLC.
If you have questions about whether you can bring a Medsurant Holdings, LLC class action lawsuit, it is important you reach out to a data breach attorney as soon as possible.
If you received a data breach letter from Medsurant Holdings, LLC, it is important you take a moment and consider what it means. Essentially, you are being informed that an unauthorized person—possibly a criminal—may have accessed, viewed, and retained your personal information. While Medsurant does not know why the third party sought out your information and what they plan to do with the data they obtained, the situation requires you to take precautionary measures.
Below are a few ways to protect yourself from identity theft and the other possible financial risks that can step from a data breach:
Medsurant Holdings, LLC specializes in intraoperative neurophysiologic monitoring (IONM), which involves the use of high-tech equipment to monitor a patient’s nervous system during surgery. The company was founded in 2009 in West Conshohocken, Pennsylvania, and operates through seven practices in 20 states.
According to the most recent data breach letter, on September 30, 2021, Medsurant Holdings, LLC received an email from an unknown party informing the company that they had removed certain data from the company’s servers. The company investigated the incident, determining that patient data was accessible by the unauthorized party between September 23, 2021 and November 12, 2021. The compromised patient information appears to include the following:
While Medsurant Holdings, LLC does not know which patients’ data was accessed and removed from the company’s systems, the investigation is ongoing. However, the company revealed that the total number of affected patients exceeds 45,000. On November 29, 2021, the company sent data breach notifications to all affected parties, informing them of the breach and what they can do to protect themselves.
Below is a copy of the data breach letter issued by Medsurant Holdings, LLC (a sample of the actual notice sent to consumers can be found here):
Medsurant Holdings, LLC (“Medsurant”)1 is issuing notice of a recent data security event that may impact the confidentiality and security of information related to certain patients. Although Medsurant is unaware of any actual misuse of this information, we are providing information about the event, our response, and steps affected individuals may take to better protect against the possibility of identity theft and fraud, should they feel it is necessary to do so.
What Happened? On September 30, 2021, Medsurant received a suspicious email from an unknown actor who alleged that they removed data from the Medsurant environment. Because the unknown actor alleged data removal from systems containing patient information, Medsurant worked quickly to investigate what happened and whether this incident resulted in any unauthorized access to, or theft of, patient information by the unknown actor.
Medsurant conducted an extensive investigation to determine the nature and scope of the incident. The investigation confirmed Medsurant’s systems were accessible by an unknown actor between September 23, 2021 and November 12, 2021, and some data was exfiltrated from our systems. Some limited data was also encrypted during this period, but later restored. Medsurant is in the process of performing a review of the information impacted to identify the individuals whose information may have been compromised by the unknown actor. Once this review is complete, Medsurant will then work to determine the identities and contact information for potentially impacted individuals and provide notice via written letter.
What Information was Affected. Although our review is ongoing, the following types of patient information may have been accessed and acquired by the unknown actor during this incident: full name, address, name, address, diagnosis/conditions, date of birth, claims information, and Social Security number. We have no evidence of any fraudulent misuse of the information and Medsurant is providing this notice in an abundance of caution.
What We are Doing. Medsurant takes this incident and the security of your information seriously. Upon learning of this incident, we immediately took steps to restore our operations and further secure our systems by implementing additional network monitoring and beginning a forensic review. As part of our ongoing commitment to the privacy of personal information in our care, we are working to review our existing policies and procedures and to implement additional administrative and technical safeguards to further secure the information in our systems. Medsurant also notified federal law enforcement, and the U.S. Department of Health and Human Services.