Posted On March 17, 2022 Consumer Privacy & Data Breaches

Data Breach Alert: PhySynergy, LLC

March 17, 2022 – Recently, PhySynergy, LLC announced that certain patients’ protected health information was compromised as a result of a data breach at another company, Technology Management Resources, Inc. which had access to the patients’ information for billing purposes. It is essential those who receive a data breach notification from PhySynergy understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the PhySynergy data breach on behalf of people whose information was exposed. As a part of our investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from the responsible parties.

In 2021, there were 1,862 data breaches affecting more than 189,000,000 individuals. Victims of identity theft spend, on average, 200 hours and more than $1,300 recovering their identity. Many of these victims also suffer credit damage, emotional distress, and may even end up with a criminal record. Taking immediate action is the best way to prevent the worst consequences of a data breach.

What We Know So Far About the PhySynergy Breach

Understanding the PhySynergy data breach requires some background information. PhySynergy, Inc. is a healthcare provider based that merged with another healthcare company called Epix Healthcare back in 2016. Together, these companies provide anesthesia services in 11 states, through 28 different facilities.

The recent breach involves information of PhySynergy clients; however, two other companies were also involved, IberiaBank and Technology Management Resources, Inc. (“TMR”). According to a letter issued to those impacted by the breach, PhySynergy relies on IberiaBank to process some of the payments it receives from customers and patients. To accomplish this, PhysSynergy has a lockbox service with IberiaBank. IberiaBank relies on TMR to administer this lock-box service on behalf of its clients.

On January 5, 2022, PhySynergy was informed of a data security incident involving the TMR lockbox services it uses to process customer payments. More specifically, TMR identified unusual activity regarding a user account in the company’s payment application on or around October 14, 2021. It was later confirmed that this activity was unauthorized, and the unauthorized party had access to the data between October 12 and October 14, 2021.

Evidently, the unauthorized party was able to obtain customer information in binary format. Physynergy explained that it is possible for someone to convert this binary data to images, which would then display patient information. While the compromised information varies by patient, it may include your name, date of service, driver’s license number, financial account number, health information, health insurance information, medical record number, medical treatment information, and Social Security Number.

Subsequently, PhySynergy began sending out data breach notification letters to all individuals whose information was compromised as a result of the recent data security incident. In total, 4,419 patients were notified of the PhySynergy/TMR breach.

Can Consumers Whose Data Was Leaked Pursue Legal Action Against a Company?

When you allowed PhySynergy access to your personal data, you may not have known about the company’s relationship with IberiaBank and TMR. Regardless, you assumed that PhySynergy and the companies it contracts with would do everything possible to keep your data secure. However, news of the PhySynergy data breach raises some very serious questions about the data security measures in place at TMR, and possibly at IberiaBank and PhySynergy.

Regardless of the industry, all businesses have a legal obligation to protect consumer information in their possession. Although creating and maintaining a data security system is costly, this is a necessary expense given the frequency with which cyberattacks occur.

Consumers whose personal, identifying, financial or healthcare-related data was compromised in a data breach can pursue legal action against a company that misused or mishandled their information. However, the investigation into the PhySynergy breach is only in its beginning phases. For that reason, it is too early to tell if PhySynergy was legally responsible for the breach. However, our data breach attorneys are investigating the PhySynergy security breach to determine the potential legal remedies of those affected. Of course, data breaches involving multiple companies, all of which had access to (and a responsibility to maintain) consumer data, are especially complex.

If you have questions about your ability to pursue a data breach class action lawsuit in the wake of the PhySynergy/TMR breach, contact a data breach attorney as soon as possible.

What to Do If You Received a Data Breach Notification from PhySynergy

If you receive a data breach notification from PhySynergy in the coming weeks, it means your personal data was among that which was compromised in the recent cyberattack. It also means a cybercriminal may have had access to—and may have stolen—your personal data. Given the risks involved, it is important you remain vigilant by taking the following steps:

1. Figure Out What Information Was Stolen: Carefully review the data breach letter sent by PhySynergy, keeping in mind the information you provided to the company as well as the type of data that was compromised in the breach. You should also take a copy of the data breach letter and keep it for your records. Of course, data breach letters are not always easy to understand. A consumer privacy lawyer can help victims of a data breach understand what was compromised and how to protect themselves.
2. Prevent the Hacker from Accessing Your Accounts: Once you determine the scope of the breach and how it affected you, you should take all steps to prevent cybercriminals from accessing your credit or financial accounts. For example, you should change all passwords and security questions for your online accounts. You should also consider setting up multi-factor authentication where it is available.
3. Protect Your Credit and Your Financial Accounts: In the wake of a data breach, companies usually provide free credit monitoring services for a specified period of time. This is not a gimmick, and you do not give up any rights by taking a company up on their offer. Additionally, you should contact one of the three main credit bureaus to request a copy of your credit report. Even if you do not notice any signs of fraud or unauthorized activity, it is a good idea to request a fraud alert. Fraud alerts are free and serve as a red flag to potential lenders and creditors that your information was compromised.
4. Consider a Credit Freeze: A credit freeze prevents access to your credit report unless you specifically authorize it. Credit freezes are free and last until you remove them. While placing a credit freeze on your accounts may initially seem like a drastic measure, according to the Identity Theft Resource Center (“ITRC”), doing so is the “single most effective way to prevent a new credit/financial account from being opened.” However, ITRC reports that just 3% of consumers whose information is leaked place a freeze on their accounts. Once a credit freeze is in place, you can temporarily lift the freeze if you need to apply for any type of credit.
5. Regularly Monitor Your Credit Report and Financial Accounts: Protecting yourself in the wake of a data breach is not a one-time task. You should continually monitor your credit report and all financial accounts, keeping an eye out for any signs of unauthorized activity or fraud. You may also consider calling your banks and credit card companies to report the fact that your information was compromised in a data breach.

If You Have Questions About Your Rights Following the PhySynergy/TMR Data Breach, Console & Associates, P.C. Can Help

At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the PhySynergy data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.