Posted On February 10, 2022 Consumer Privacy & Data Breaches
February 10, 2022 – Recently, Suncoast Skin Solutions announced a cyber security incident in which an unauthorized party encrypted certain documents stored on the company’s system. As a result of the Suncoast Skin Solutions data breach, the personal information of 57,730 individuals was compromised. Those impacted by a data breach should be sure they understand what happened, what their rights are, and how they can pursue them. The data breach lawyers at Console & Associates, P.C. are actively investigating the security breach. If an investigation reveals that Suncoast Skin Solutions failed to ensure the safety of consumer data leading up to the breach, the company may be liable through a data breach class action lawsuit.
Cyberattacks such as this one are increasingly common in today’s society. Today more than ever, businesses store data electronically. While there are certainly many ways to protect against cyberthreats, hackers have ways of identifying vulnerabilities in data security systems, which they can then exploit.
When a hacker breaches a company’s computer systems, they can steal sensitive consumer information from the compromised systems. While there is no guarantee that this information will be used for criminal purposes, that is not an uncommon occurrence. Thus, as a matter of course, after a company experiences a data breach, they will inform anyone whose information was compromised. Despite the risks data breaches present, many consumers fail to take precautionary measures to protect themselves from identity theft and other frauds.
When you allowed Suncoast Skin Solutions access to your personal data, you trusted the company to keep your sensitive information safe. However, news of the Suncoast Skin Solutions data breach raises some very serious questions about the company’s data security measures and whether the company could have done more to prevent this type of cyber-attack.
Regardless of the industry, all businesses have a legal obligation to protect consumer information in their possession. Although creating and maintaining a data security system is costly, this is a necessary expense given the frequency with which cyberattacks occur.
Consumers whose personal, identifying, financial or healthcare-related data was compromised in a data breach can pursue legal action against a company that misused or mishandled their information. However, the investigation into the Suncoast Skin Solutions breach is only in its beginning phases. For that reason, it is too early to tell if Suncoast Skin Solutions was legally responsible for the breach. However, our data breach attorneys are investigating the Suncoast Skin Solutions security breach to determine the potential legal remedies of those affected.
If you have questions about your ability to pursue a data breach class action lawsuit against Suncoast Skin Solutions, contact a data breach attorney as soon as possible.
If you receive a data breach notification from Suncoast Skin Solutions in the coming weeks, it means your personal data was among that which was compromised in the recent cyberattack. It also means a cybercriminal had access to—and may have stolen—your personal data. Given the risks involved, it is important you remain vigilant by taking the following steps:
Suncoast Skin Solutions (“Suncoast Skin Solutions”) is a dermatology practice that provides surgical, medical, and cosmetic dermatological care to patients through 22 offices located throughout Florida. Suncoast offers customers a variety of services, including skin cancer treatment, Mohs surgery, medical dermatology, and cosmetic dermatology. The company is based in Lutz, Florida.
According to an official notice filed by the company, on July 14, 2021, Suncoast Skin Solutions learned that an unauthorized party encrypted certain files on the company’s network and may have gained accessed consumer data located. Once Suncoast Skin Solutions learned of the possible cyberattack, it initiated an internal investigation. On October 14, 2021, the investigation confirmed that the company was the victim of a may have been viewed by the unauthorized party.
Upon learning of the extent of the security breach, Suncoast Skin Solutions then reviewed the affected files to determine what information was compromised. On November 8, 2022, the company confirmed that the information may have included certain consumers’ protected health information. While the compromised information varies by consumer, it may include their name, date of birth, clinical information, doctor’s notes, and other limited treatment information. According to one source, approximately 57,730 consumers are believed to have been affected by the breach.
More recently, Suncoast Skin Solutions began sending out data breach notification letters to all individuals whose information was contained in the affected files.
Below is a portion of the Suncoast Skin Solutions online notice regarding the data breach. The complete version can be found here.
Suncoast Skin Solutions (“Suncoast”) has become aware of an incident that may have exposed some limited patient data, including names, dates of birth, clinical information, and other limited treatment information. Suncoast takes its patients’ privacy very seriously and has taken steps to notify any patients who may have been affected by this incident. Suncoast sincerely regrets any inconvenience that this incident may cause and remains dedicated to protecting patients’ personal information.
What Happened: On July 14, 2021, Suncoast discovered that some of its systems were encrypted by an unknown party. Suncoast acted quickly to prevent the encryption of all of its systems. Suncoast promptly hired a specialized cybersecurity firm to conduct a forensics investigation to determine the nature and scope of the compromise. The forensic investigation concluded on October 14, 2021. Suncoast then did a preliminary review of their systems to determine if patient information was potentially compromised that concluded on November 8, 2021. Meanwhile, Suncoast is engaging a third party vendor to review the impacted systems in an effort to identify specific individuals whose information may have been impacted.
What Information Was Involved: Personal data including patients’ name, date of birth, clinical information, doctor’s notes, and other limited treatment information may have been viewed by an unauthorized individual. At this time, Suncoast has no reason to believe that any personal information of Suncoast’s patients has been misused as a result of this incident. Out of an abundance of caution, Suncoast notified the patients potentially impacted by the incident.
What We Are Doing: In response to this incident, Suncoast has taken the following steps: engaging a third party vendor to review its cyber security procedures and transferring all of its patient data to an encrypted system.
What You Can Do: Upon discovery of this incident, Suncoast is in the process of obtaining complimentary credit monitoring for certain impacted individuals. Suncoast will contact you by mail if your information was impacted and you are entitled to credit monitoring. Meanwhile, Suncoast refers you to the Additional Important Information section of this letter, which provides you with further information to obtain your credit report, place fraud alerts and freeze your credit.
Suncoast sincerely regrets any inconvenience that this incident may cause to its clients and remains dedicated to protecting their information.