Posted On August 19, 2022 Consumer Privacy & Data Breaches

Data Breach Alert: Practice Resources, LLC

On August 4, 2022, Practice Resources, LLC (“PRL”) reported a data breach after the company experienced a ransomware attack. Based on an official filing from the company, the incident resulted in an unauthorized party gaining access to the following data types: patients’ names, home addresses, dates of treatment, health plan numbers, and medical record numbers. After confirming that consumer data was leaked, PRL began sending out data breach notification letters to all individuals who were impacted by the recent data security incident. The company estimates that information belonging to 942,138 patients was compromised in the Practice Resources, LLC breach.

If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the PRL data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Practice Resources, LLC.

What We Know So Far About the Practice Resources Breach

According to an official notice filed by the company, on April 12, 2022, Practice Resources was the target of a data security incident impacting the security of patient information at a variety of healthcare facilities. Practice Resources provides billing and other related services to healthcare providers. It is in this role that PRL came into the possession of patient data which was ultimately subject to the breach.

While the company does not indicate when it learned of the incident, in subsequent statements, PRL explains that, in response, it secured its systems and then engaged third-party cybersecurity professionals to assist with the company’s investigation.

The company’s investigation confirmed that the incident stemmed from a ransomware attack and that sensitive patient information may have been compromised. Upon discovering that sensitive consumer data was accessible to an unauthorized party, Practice Resources then reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, home address, dates of treatment, health plan number, and medical record number.

On August 4, 2022, Practice Resources sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. These notices were sent to 942,138 patients of the following facilities:

• Achieve Physical Therapy, PC
• CNY Obstetrics and Gynecology, P.C.
• Community Memorial Hospital, Inc
• Crouse Health Hospital, Inc
• Crouse Medical Practice PLLC
• Family Care Medical Group, PC
• Fitness Forum Physical Therapy, PC
• FLH Medical PC
• Greece Dermatological Associates, PC
• Guidone Physical Therapy, PC
• Hamilton Orthopedic Surgery & Sports Medicine
• Helendale Dermatological and Medical Spa, PLLC
• Kudos Medical, PLLC
• Laboratory Alliance of Central New York, LLC
• Liverpool Physical Therapy, PC
• Michael J Paciorek, MD PC
• Nephrology Associates of Watertown, PC
• Nephrology Hypertension Associates of CNY, PC
• Orthopedics East, PC
• Salvation Army
• Soldiers & Sailors Memorial Hospital—Physician Practices
• Joseph’s Medical
• Surgical Care West, PLLC
• Syracuse Endoscopy Associates, LLC
• Syracuse Gastroenterological Associates, PC
• Syracuse Pediatrics
• Tully Physical Therapy
• Upstate Community Medical, PC

More Information About Practice Resources, LLC

Founded in 1996, Practice Resources, LLC is a business services company based in Syracuse, New York, focusing exclusively on the healthcare industry. The company provides a wide range of services to healthcare providers, including revenue cycle management, information technology, financial services, practice consulting, provider services, remote scribing services, and human resources services. Practice Resources employs more than 191 people and generates approximately $35 million in annual revenue.

If You Have Questions About Your Rights Following the Practice Resources Data Breach, Console & Associates, P.C. Can Help

At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the PRL data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.

Below is a copy of the initial data breach letter issued by Practice Resources, LLC (the actual notice sent to consumers can be found here):

Dear [Redacted],

On April 12, 2022, Practice Resources, LLC (“PRL”), which provides billing and other professional services to a number of healthcare entities, was subject to a ransomware attack (the “Incident”). With assistance from third-party experts, PRL took immediate steps to secure its systems and investigate the nature and scope of the Incident. As part of its extensive investigation, PRL worked diligently to identify any protected health information (“PHI”) and personally identifiable information (“PII”) that may have been subject to unauthorized access or acquisition as a result of the Incident. On or about June 5, 2022, PRL determined that the Incident may have impacted PHI or PII related to you. We have not found any evidence that your information was misused.

What Information Was Involved

The Incident may have resulted in unauthorized access to or acquisition of your name, home address, dates of treatment, health plan number, and/or medical record number.

What We Are Doing

Out of an abundance of caution, and in accordance with applicable law, we are providing this notice to you so that you can take steps to minimize the risk that your information will be misused. The attached sheet describes steps you can take to protect your identity, credit, and personal information.

As an added precaution, we have arranged for IDX to provide you [Redacted] of free credit monitoring and related services. To enroll, please visit [Redacted] or call [Redacted]. Your enrollment code is [Redacted]. To receive these services, please be sure to enroll by [enrollment deadline].

We treat all sensitive information in a confidential manner and are proactive in the careful handling of such information. Since the Incident, we have implemented a series of cybersecurity enhancements and will soon roll out others.

What You Can Do

In addition to enrolling in the credit monitoring services discussed above, the attached sheet describes steps you can take to protect your identity, credit, and personal information.

For More Information

We are providing this notice on behalf of entities to which we provide professional services. Those entities are listed here: [Redacted]. If you have questions or concerns, please call our dedicated assistance line at [Redacted]. We sincerely apologize for this situation and any concern or inconvenience it may cause you.