Posted On March 15, 2023 Consumer Privacy & Data Breaches
March 15, 2023 – Independent Living Systems, LLC (“ILS”) informed the Attorney General of Maine of a data breach on March 14, 2023, after verifying that unauthorized access to confidential patient data kept on the business’s computer network had occurred. According to the business’s filing, the event led to unauthorized access to the names, protected health information, and Social Security numbers of consumers. ILS started mailing data breach notification letters to the more than 4 million people affected by the recent data security incident as soon as it was confirmed that customer data had been leaked.
Data breach lawyers for Console & Associates, P.C. are actively looking into the Independent Living Systems data breach. Your information may now be in the hands of those wanting to harm you through fraud or identity theft if you received a data breach notification letter. We are providing free consultations so that you can find out more about how you can defend yourself right away and whether you might be able to file a lawsuit against ILS for a data breach.
Healthcare services provider Independent Living Systems, LLC offers a variety of healthcare options for hospitals, community-based groups, healthcare plans, and providers. With ten offices nationwide and headquartered in Miami, Florida, ILS services more than 4,000,000 members. Independent Living Systems, which was founded in 2001, now employs over 800 people and brings in about $117 million annually.
ILS workers discovered that some of the company’s computer systems were inaccessible on July 5, 2022, according to the company’s filing with the Maine Attorney General. In reaction, the business opened an investigation into the occurrence with the aid of outside data security experts.
An unauthorized party was able to view data on the company’s IT network between June 30, 2022, and July 5, 2023, according to the ILS investigation. ILS later discovered that some of the information that the unauthorized party had access to was confidential data.
Independent Living Systems started to examine the affected files after learning that private patient information had been made accessible to an unauthorized party in order to identify what data had been stolen and which clients were impacted. Your name, Social Security number, and protected health information may have been exposed, though the details may differ by individual.
On March 14, 2023, Independent Living Systems sent data breach notification letters to all individuals affected, over 4,000,000.
You might be unsure of what your secured health information is or even what a hacker could do with it.
Only specific health information is considered protected by the Health Insurance Portability and Accountability Act of 1996, also known as HIPAA. HIPAA identifies and controls all protected health information (PHI). According to its “Privacy Rule,” PHI is:
The Health Insurance Portability and Accountability Act of 1996, or HIPAA, only protects specific health records. All secured health information is identified and managed by HIPAA. In accordance with its “Privacy Rule,” PHI is:
“All individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.”
There are 18 identifiers that HIPAA considers protected, including:
Medical identity theft can be done by hackers using your protected health details. This implies that they could use your information to apply for free medical treatment in your name, as could anyone else to whom they sold your information on the dark web. You would then be liable for any medical expenses they may have accrued. A dangerous misdiagnosis, an inaccurate medical history, and medications you may not have taken could result from this, which could also contribute to inaccurate information in your medical records. The care and therapy you receive the next time you require medical attention could be impacted by all of these factors.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Independent Living Systems, LLC data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Independent Living Systems, LLC (“ILS” or “We”) provides a variety of managed services to several partner health plans and their enrollees or referred individuals, including [Redacted]. ILS’s services include plan administration, nutrition support, and comprehensive care management. We are committed to protecting the confidentiality and security of the information we gather in providing these services.
We are writing to make you aware of a data incident that may impact the privacy of your personal information and/or protected health information (“PHI”). Please read this letter carefully, as it provides details about the incident and our response.
What Happened? On July 5, 2022, we experienced an incident involving the inaccessibility of certain computer systems on our network. We responded to the incident immediately and began an investigation with the assistance of outside cybersecurity specialists. Through our response efforts, we learned that an unauthorized actor obtained access to certain ILS systems between June 30 and July 5, 2022. During that period, some information stored on the ILS network was acquired by the unauthorized actor, and other information was accessible and potentially viewed. Upon containing the incident and reconnecting our computer systems, we began to review the potentially affected data to determine whether it contained any personal information or PHI, and if so, to whom such information related.
What Information Was Involved? As previewed above, we conducted a comprehensive data review exercise to understand the scope of potentially affected information and identify the individuals to whom such information relates. On January 17, 2023, we received the results of this review and determined that the following types of information related to you were included in one or more files acquired by the unauthorized actor or present in one or more files that resided on an area of the ILS network that was accessed by the unauthorized actor: name, [Redacted]. Please note that we have no evidence or other indication that identity theft or fraud occurred as a result of this incident. We are providing this notice out of an abundance of caution.
What We Are Doing. We take this incident and the security of information entrusted to us very seriously. In response to the incident, we promptly took steps to mitigate any risk of compromise to your information and better prevent a similar event from reoccurring. These actions included: (1) fortifying the security of our firewall; (2) utilizing the forensic specialists engaged to monitor our network and remediate any suspicious activity identified; (3) rotating and increasing the complexity of all users’ credentials, and (4) providing notification to potentially affected individuals as quickly as possible. We are also enhancing our existing training protocols and other internal procedures that relate to data protection and security. In accordance with best practices, we encourage you to review your account statements, explanations of benefits, and credit reports carefully for unexpected activity and to report any questionable activity to the associated institutions immediately.
As an added precaution, we are also providing you with access to [Redacted] months of complimentary identity monitoring and restoration services through Experian, along with guidance on how to protect against the possibility of information misuse. We are covering the cost of these services, but due to privacy restrictions, you will need to complete the activation process yourself.
What You Can Do. You can find out more about how to protect your information in the enclosed Steps You Can Take to Protect Information. There, you will also find additional details about the identity monitoring services we are offering and how to enroll.
For More Information. If you have questions about this incident that are not addressed in this letter, please contact our dedicated assistance line, which can be reached at 800-906-7238 toll-free Monday through Friday from 8 am – 10 pm Central, or Saturday and Sunday from 10 am – 7 pm Central (excluding major U.S. holidays). Be prepared to provide your engagement number [Redacted].
We apologize for any inconvenience this incident may cause you and remain committed to safeguarding the privacy and security of information in our possession.