$100 Million awarded Since 1994 6,000 Satisfied Clients

Posted On March 31, 2023 Consumer Privacy & Data Breaches

Cyberattack Results in Data Breach at American Pain and Wellness, PLLC

NOTICE: If you received a NOTICE OF DATA BREACH letter from American Pain and Wellness, PLLC, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.

Data Breach AlertMarch 31, 2023 – American Pain and Wellness, PLLC (“APW”) discovered that a third party had gained access to private patient data kept on the company’s computer network and, as a result, filed a report of data breach with the Maine Attorney General on March 24, 2023. The event led to an unauthorized party obtaining access to the names, insurance information, protected health information, and Social Security Numbers of consumers, according to the company’s report. After confirming that customer data had been compromised, APW started notifying everyone who had been affected by the recent data security issue.

It is important that you know what is at risk if you receive a notification of a data breach. On behalf of those whose information was compromised, the data breach lawyers at Console & Associates, P.C. are actively looking into the American Pain and Wellness data breach. We are offering free consultations to anyone impacted by the breach who is interested in finding out more about the dangers of identity theft, what they can do to protect themselves, and what legal options they may have to seek compensation from American Pain and Wellness as part of this investigation.

About American Pain and Wellness, PLLC

American Pain and Wellness, PLLC is based in Plano, Texas, but also operates in Allen, Texas. The business is a pain-management clinic that helps people with chronic pain brought on by illnesses like arthritis, back pain, herniated discs, knee discomfort, and sports injuries. The clinic administers epidural steroid injections, facet injections, joint injections, and PRP injections. More than 50 people are employed by American Pain and Wellness, which brings in about $10 million a year.

Information About the American Pain and Wellness Breach

American Pain and Wellness discovered unusual behavior in its computer system on November 27, 2022, according to the company’s report with the Maine Attorney General. In response, the business opened an investigation in an effort to learn more about the situation and determine whether any patient data was compromised.

The results of the APW inquiry proved that an unknown and unapproved individual had access to the firm’s system between November 10, 2022 and November 27, 2022. American Pain and Wellness established that some of the documents that the hacker had access to involved confidential patient data.

After learning that unauthorized individuals had obtained private patient information, American Pain and Wellness began looking through the relevant papers to determine what data was compromised and who was affected. The information that has been compromised may include your name, insurance information, protected health information, and Social Security Number, but it may vary by individual.

American Pain and Wellness mailed notification letters on March 24, 2023, to every person whose data was exposed as a result of the breach.

Why Patients Should Take Extra Caution When Protected Health Information Is Exposed

As mentioned previously, the American Pain and Wellness data breach resulted in the disclosure of numerous types of patient data, including their protected health information. Any information that medical professionals gather about a patient while they are receiving treatment is referred to as protected health information, or PHI. Test and laboratory findings, demographic data, insurance information, and information on a person’s mental health, for instance, can all be categorized as protected health information.

Of course, not all healthcare-related information is considered “protected”—only data that contains an identifier is considered PHI. This is because, without an identifier, leaked data could not be connected to a specific patient.

Not all data pertaining to healthcare is deemed “protected.” Only information that has an identifier is regarded as PHI. This is so that information that was compromised could not be linked to a particular patient.

The Health Insurance Portability and Accountability Act of 1996, or HIPAA for short, lists 18 different identifiers, including:

  • Name;
  • Social security number;
  • Address more specific than a state;
  • Email address;
  • Dates that are more specific than a year and that pertain to an individual, such as the patient’s birthdate, the date of admission, etc.
  • Account number;
  • Phone number;
  • Fax number;
  • Certificate or license number;
  • Health plan beneficiary number;
  • Medical record number;
  • Device identifiers and serial numbers;
  • Vehicle identifiers, like license plate numbers and serial numbers;
  • Internet protocol (IP) address;
  • Web URL;
  • Full-face photographs and other photos of identifying characteristics;
  • Biometric IDs, such as a fingerprint or voice print; and
  • Any other unique identifying characteristic.

As previously mentioned, the Health Insurance Portability and Accountability Act of 1996, or HIPAA, regulates the gathering and use of protected health information. The “privacy rule,” which “protects all individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral,” is one of the most crucial provisions of HIPAA. Simply put, medical professionals are prohibited from disclosing any information that is covered by the Privacy Rule unless the patient has given permission, or the Privacy Rule otherwise permits it. And significantly, even an unintentional disclosure of patient data may still breach the privacy requirement.

Healthcare data breaches are concerning since personal health information is involved. Healthcare data breaches, however, not only raise privacy issues but also expose patients to financial and possibly physical danger.

A hacker who gets your protected health information will offer it for sale to another criminal on the dark web who wants to receive free medical care. Once a criminal obtains your information, they can effectively steal your identity and pose as you when you visit the doctor. In addition to making you liable for their medical bills, this can also result in inaccurate and misleading information being recorded in your medical records, such as when a criminal who receives treatment in your name provides a doctor with their own medical history or a list of current medications.

If You Have Been Affected by American Pain and Wellness, PLLC Data Breach, Console & Associates, P.C. Can Help

The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the American Pain and Wellness, PLLC data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.

NOTICE: If you received a NOTICE OF DATA BREACH letter from American Pain and Wellness, PLLC, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.