Posted on November 9, 2022
On November 4, 2022, Salud Family Health (“Salud”) filed notice of a data breach with the Montana Attorney General’s Office after the company learned that an unauthorized party was able to access sensitive patient information stored on its computer network. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, driver’s license numbers or state identification card numbers, financial account information, credit card numbers, passport numbers, medical treatment and diagnosis information, health insurance information, biometric data, and usernames and passwords. After confirming that consumer data was leaked, Salud began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Salud data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Salud Family Health.
The available information regarding the Salud Family Health breach comes from the company’s filing with the Montana Attorney General as well as a notice posted on its website. According to these sources, on September 5, 2022, Salud detected unusual activity within its computer network. Concerned that the suspicious activity may be related to a cyberattack, the company secured its systems and began working with third-party data security specialists to investigate the incident and determine if any patient or employee information was compromised.
The company’s investigation confirmed that an unauthorized party had gained access to the Salud Family Health network. Further, the investigation revealed that the affected portion of the network contained sensitive patient and employee information.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Salud Family Health began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, driver’s license number or state identification card number, financial account information, credit card number, passport number, medical treatment and diagnosis information, health insurance information, biometric data, and username and password.
On November 4, 2022, Salud Family Health sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1970, Salud Family Health is a healthcare provider based in Fort Lupton, Colorado. The practice caters to the needs of the migrant, seasonal farmworker population living and working in and around Fort Lupton. Salud Family Health currently operates 13 clinics as well as a mobile unit in ten communities throughout northern and southeastern Colorado. In total, Salud serves more than 68,000 patients each year. Salud Family Health employs more than 715 people and generates approximately $28 million in annual revenue.
The Salud Family Health data breach leaked a significant amount of patient information. The breached data included not only Social Security numbers but also patients’ health insurance information, medical diagnoses, and medical treatment information. In all likelihood, this data is considered “protected health information” under HIPAA, or the Health Insurance Portability and Accountability Act.
Salud is not the only healthcare provider to be targeted in a cyberattack this year. Healthcare data breaches have become extremely common. In fact, in 2022, data breaches at healthcare providers have affected well over 2 million patients. As cybercriminals and other bad actors continue to focus on obtaining patients’ protected health information, it is incredibly important for victims of a healthcare data breach to understand what is at risk and what their options are.
The first step to protecting yourself is to understand what is meant by “protected health information.” Protected health information, or PHI, is demographic information, test and laboratory results, medical history information, insurance information, mental health information and other data that healthcare providers collect to identify a patient and use to determine how to properly treat a patient.
However, not all information related to your healthcare is protected. Only data that contains at least one identifier is considered PHI. HIPAA lists 18 different identifiers, including a patient’s:
Of course, healthcare-related information is personal, and for this reason alone, healthcare data breaches are very concerning. However, aside from the obvious privacy risks, these cyberattacks can also result in patients suffering financial—and even physical—harm. For example, hackers who obtain a patient’s protected health information may attempt to obtain medical care in the victim’s name or sell the information to another party who plans on doing the same. This not only leaves the victim responsible for the bill but can also lead to misleading and incorrect information being added to their medical records.
Those who believe their protected health information was compromised in a data breach should reach out to an experienced data breach lawyer to discuss their options.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Salud data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by Salud Family Health (the actual notice sent to consumers can be found here):
Dear [Redacted],
Salud Family Health (“Salud”) writes to notify you of a network security incident that may affect the privacy of some of your protected health information. We take this incident seriously, and although we have no evidence to date of identity theft or fraud as a result of this incident, this letter provides details of the incident, our response, and steps you may take to better protect against possible misuse of your information, should you feel it appropriate to do so.
What Happened? Around September 5, 2022, we became aware of suspicious activity in certain computer systems. We immediately launched an investigation, with the assistance of third-party computer specialists, to determine the nature and scope of the activity. Our investigation determined that there was unauthorized access to the affected systems on September 5, 2022 and that certain data may have been accessed or taken. Although we have no evidence of any identity theft or fraud in connection with this incident, Salud is notifying its patients whose information was accessible within the files and subject to unauthorized access.
What Information Was Involved? We determined that the following information may have been accessed or taken as the result of this incident: your name, Social Security number, driver’s license number or Colorado identification card number, financial account information/credit card number, passport number, medical treatment and diagnosis information, health insurance information, biometric data, and username and password.
What is Salud Doing? Salud takes the confidentiality, privacy, and security of information in our care seriously. Upon discovery of the incident, we immediately commenced an investigation to determine its nature and scope. Although Salud has policies and procedures surrounding data security which were in effect at the time of the incident, as part of our ongoing commitment to the security of information, we are reviewing and enhancing our policies and procedures relating to data privacy and security. Salud is taking steps to prevent a recurrence, to include measures to reduce the likelihood of a future incident, including increased network security measures.
In an abundance of caution, Salud is providing you with access to 12 months of identity monitoring services through Kroll at no cost to you. A description of services and instructions on how to activate can be found within the enclosed Steps You Can Take to Help Protect Personal Information. Please note that you must complete the activation process yourself, as we are not permitted to activate the services on your behalf.
What You Can Do. You can review the enclosed Steps You Can Take to Help Protect Personal Information. You can also activate the complimentary identity monitoring services through Kroll. We also encourage you to remain vigilant against potential incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious activity.
For More Information. We understand you may have questions about this incident that are not addressed in this letter. If you have any questions, please contact our dedicated call center at (855) 926-1137, Monday through Friday, 7:00 a.m. to 4:30 p.m. Mountain Time, excluding major U.S. holidays.
Salud takes the privacy and security of the information in our care seriously. We sincerely regret any inconvenience or concern this incident may cause you, and appreciate your continued support of Salud Family Health.