Posted On March 14, 2022 Consumer Privacy & Data Breaches
March 14, 2022 – Recently, Montrose Regional Health (“MRH”) announced that the protected health information of as many as 52,632 patients was compromised due to a data security incident involving an employee’s email account. It is essential those who receive a data breach notification from Montrose Regional Health understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Montrose Regional Health data breach on behalf of people whose information was exposed. As a part of our investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Montrose Regional Health.
In 2021, there were 1,862 data breaches affecting more than 189,000,000 individuals. Victims of identity theft spend, on average, 200 hours and more than $1,300 recovering their identity. Many of these victims also suffer credit damage, emotional distress, and may even end up with a criminal record. Taking immediate action is the best way to prevent the worst consequences of a data breach.
According to a “Notice of Data Incident” post on the company’s website, Montrose Regional Health recently detected suspicious activity on one of its employee’s email accounts. In response to this discovery, the company initiated an investigation to determine the nature and extent of the incident, as well as if any patient information was accessible to the unauthorized party. The investigation revealed that between August 2, 2021 and October 26, 2021, the unauthorized party gained access to certain files containing patients’ protected health information.
Upon learning of the extent of the security breach, Montrose Regional Health then reviewed the affected files to determine what information was compromised. The company completed this review on February 25, 2022. While the compromised information varies based on the patient, it may include a patient’s full name, inpatient/outpatient status, internal patient account number, service date, treatment cost, procedure code, provider name, and health insurance provider.
On or around February 25, 2022, Montrose Regional Health began sending out data breach notification letters to all individuals whose information was compromised as a result of the recent data security incident. The company sent notices to as many as 52,632 patients.
Montrose Regional Health is a healthcare network that operates multiple facilities in and around Montrose, Colorado. The company provides a range of services across 23 different practice areas, including women’s health, cardiology, emergency care, intensive care, joint replacement, medical imaging, cancer treatment and respiratory care. MRH is comprised of nine different treatment centers.
When you allowed MRH access to your personal data, you trusted the company to keep your sensitive information safe. However, news of the MRH data breach raises some very serious questions about the company’s data security measures and whether the company could have done more to prevent this type of cyber-attack.
Regardless of the industry, all businesses have a legal obligation to protect consumer information in their possession. Although creating and maintaining a data security system is costly, this is a necessary expense given the frequency with which cyberattacks occur.
Consumers whose personal, identifying, financial or healthcare-related data was compromised in a data breach can pursue legal action against a company that misused or mishandled their information. However, the investigation into the Montrose Regional Health breach is only in its beginning phases. For that reason, it is too early to tell if MRH was legally responsible for the breach. However, our data breach attorneys are investigating the Montrose Regional Health security breach to determine the potential legal remedies of those affected.
If you have questions about your ability to pursue a data breach class action lawsuit against MRH, contact a data breach attorney as soon as possible.
If you receive a data breach notification from MRH in the coming weeks, it means your personal data was among that which was compromised in the recent cyberattack. It also means a cybercriminal may have had access to—and may have stolen—your personal data. Given the risks involved, it is important you remain vigilant by taking the following steps:
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the MRH data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.