Posted On April 18, 2023 Consumer Privacy & Data Breaches
April 18 – Beacon Health System issued a notification of data breach on March 10, 2023, after discovering an employee was illegally accessing patient files containing sensitive information. According to the company’s announcement, the breach exposed customers’ names, birth dates, Social Security numbers, mailing addresses, and maybe even their medical records. Beacon started distributing data breach notification letters to all persons affected once it was confirmed that customer data was compromised.
Console & Associates, P.C. urges anybody who has received a notification letter from Beacon Health System to contact our data breach lawyers as soon as possible. In order to assist you in figuring out what to do next, what precautions you can take to protect yourself, and whether or not you have grounds to sue Beacon Health System for damages due to a data breach, we are providing free consultations.
South Bend, Indiana is home to Beacon Health System, a healthcare management firm with 160 additional sites throughout Indiana and Michigan. They provide a wide variety of medical services, such as primary care, pediatrics, obstetrics, oncology, and more. Beacon also runs numerous other hospitals’ emergency rooms, including the ones at Beacon Granger, Elkhart General, Three Rivers, Memorial, and Bremen Community hospitals. Beacon Health System began operations in 2011, and now it employs over 6,951 people and has an annual revenue of over $919 million.
Beacon found out on January 10, 2023, that an employee may have been accessing patient files, according to a notification on the company’s website. On February 20, 2023, Beacon made the official determination that the worker had illegally accessed patient records between November 19, 2018, and February 24, 2023.
To find out what data was compromised and what data was accessed, Beacon initiated an investigation. Information such as names, dates of birth, Social Security numbers, addresses, and protected health information may have been compromised; however, the specifics vary for every person. According to the Beacon data breach letter, the ex-employee may have had access to patients’ medical records, which may have included their medical histories, diagnoses, lab and diagnostic test results, emergency care treatment information, operative and anesthesia documentation, and ancillary clinical documentation.
Data breach letters were sent out by Beacon Health System on March 10, 2023, to everyone whose personal information was exposed in the incident.
Once a hacker can access sensitive data, such data is used or sold on the dark web immediately. Because hackers generally have a head start, it is imperative that a breach victim take immediate action to limit the harm.
The following is a set of immediate safety measures that you may take. If your financial information was compromised in the data breach, you may want to take further precautions beyond those on this list.
Companies who have experienced a data breach have a duty to notify their customers and the relevant authorities in the states where their customers reside. Please review the Beacon Health System letter thoroughly. Data breach letters often include specifics regarding the incident, such as how the breach occurred, what measures the organization is doing to guarantee patient protection in the future, and whether or not any victims have reported fraud or identity theft.
Maintain strict vigilance on your finances. Keep an eye on your bank and credit card statements for any unusual behavior, and report it immediately if you find it.
The three main credit reporting companies all provide free fraud alerts, and credit freezes to their customers. When you put a freeze on your credit, no one else may access it without your permission. For other businesses, a fraud warning is akin to raising a red flag. Any business that pulls your credit report will be alerted to the possibility that you have been the victim of identity theft or fraud.
You should still take an effort to safeguard all of your internet accounts, even if your financial data was not stolen. Immediately go and change all of your passwords. When attempting fraud or identity theft, hackers often hunt for other accounts to get the necessary information. Use two-factor authentication if it’s offered.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Beacon Health System data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the notice posted to their website:
A recent data security event involving Beacon Health System (“Beacon”) may affect the security of information related to certain individuals who are affiliated with Beacon as current or former patients. Although there is no indication of identity theft or fraud resulting from this event, we are providing you with information about the event, our response to it, and information related to what you may do to better protect your information, should you feel it appropriate to do so.
What Happened. On or about January 10, 2023, Beacon became aware that an employee may have been inappropriately accessing patient records. The employee’s job functions provided security privileges which allowed them access to clinical documentation in the medical record. This employee performed duties related to registration, verification of benefits, and assisted with patient placement within the hospital. Due to the nature of their job, access to some clinical documentation would periodically be necessary. Beacon immediately launched an investigation to determine the full nature and scope of the employee’s activity to assess the volume of records potentially involved. On or around February 20, 2023, Beacon confirmed that the individual had inappropriately accessed records that did not pertain to their job duties. The information was accessed during the course of the individual’s employment with Beacon between the dates of November 19, 2018 and February 24, 2023. Beacon also began a comprehensive and time intensive review of the potentially accessed records in order to provide proper notification to individuals. That review was recently completed.
What Information Was Affected. The information accessible during this event varies per individual. The types of information viewed in Beacon’s electronic medical record may include demographic items such as an individual’s name, address, date of birth, Social Security number, as well as clinical information such as diagnoses, emergency care treatment information, labs and diagnostic testing, operative and anesthesia documentation, as well as ancillary clinical documentation and medical history.
What We are Doing. We take this event and the security of your information seriously. Upon learning of this event, we moved quickly to investigate and respond to the event, assessing the security of our systems, and identifying any impacted data. We will also be directly notifying potentially impacted individuals, where address information exists, so that they may take further steps to help protect their information, should they feel it is appropriate to do so.
What Affected Individuals Can Do. As a precautionary measure, individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements and credit reports for unusual activity and to detect errors. Additional resources can be found below in the Steps You Can Take to Help Protect Your Information.
For More Information.If you have additional questions, you may contact our dedicated assistance line toll-free at (888) 994-0277. This toll-free line is available Monday through Friday 8 am – 10 pm CST, Saturday and Sunday 10 am – 7 pm CST (excluding major U.S. holidays). You may also write to Beacon at 615 North Michigan Street, South Bend, Indiana 46601.