$100 Million awarded Since 1994 6,000 Satisfied Clients

Posted On January 12, 2023 Consumer Privacy & Data Breaches

Protected Health Information Accessed in Legacy Hospice Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from Legacy Operating Company, LLC d/b/a Legacy Hospice, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.

Data Breach AlertJanuary 12, 2022 – Legacy Operating Company, LLC d/b/a Legacy Hospice filed a notice of data breach with the Attorney General of Maine on December 22, 2022 after employee email accounts were compromised and patient information was accessed. Per the filing, the patient information that was accessed was full names, dates of birth, dates of death, Social Security numbers, financial account information, credit and debit card information, taxpayer identification numbers, driver’s license numbers, financial account information, government identification numbers, and protected health information. Legacy confirmed the leak and began sending out notification letters to 21,202 individuals affected by the data breach.

At Console & Associates, P.C., data breach lawyers are actively investigating the breach at Legacy. If you have received a letter from Legacy, your information may now be in the hands of those wishing to do you harm in the form of fraud or identity theft. To learn more about what you can do to protect yourself now and whether you may be able to pursue a data breach lawsuit against Legacy Hospice, we are offering free consultations.

About Legacy Hospice

Legacy Hospice is a long-term care provider for patients who are terminally ill and operates in many states throughout the United States, including Mississippi, Louisiana, Alabama, Oklahoma, Missouri, Tennessee, and Arkansas. Legacy Hospice is based in Salem, Arkansas and employs over 61 people, and generates approximately $16 million in revenue annually.

What We Know About the Legacy Hospice Data Breach

According to the Maine Attorney General report, Legacy Hospice discovered that employee email accounts had been accessed. The company launched an investigation with third-party cyber security specialists to learn as much as possible about the incident.

After the investigation was concluded, it was confirmed that an unauthorized party had gained access to the company’s computer network on February 11, 2022 and between April 7, 2022 and April 21, 2022 and confidential patient information, such as full names, dates of birth, dates of death, Social Security numbers, financial account information, credit and debit card information, taxpayer identification numbers, driver’s license numbers, financial account information, government identification numbers, and protected health information.

On December 22, 2022, Legacy Hospice sent out data breach notification letters to all individuals affected. According to the Maine Attorney General, 21,202 patients were affected by the breach.

What Can Hackers Do With Your Protected Health Information?

You might be wondering what a hacker could even do with your protected health information or even what it is.

Only specific health information is considered protected by the Health Insurance Portability and Accountability Act of 1996, also known as HIPAA. HIPAA identifies and controls all protected health information (PHI). According to its “Privacy Rule,” PHI is:

“All individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.”

There are 18 identifiers that HIPAA considers protected, including:

  • Name;
  • Social security number;
  • Phone number;
  • Geographic locations that are less than a state, including street address, city, county, zip code, etc.;
  • Any dates related to a patient more specific than a year, including date of birth, date of death, discharge dates, etc.;
  • Email address;
  • Account numbers;
  • Health plan beneficiary numbers;
  • Medical record number;
  • Vehicle identifiers, like license plate numbers;
  • Certificate and license number;
  • Device identifiers;
  • Web URL;
  • Internet protocol (IP) address;
  • Fax number;
  • Biometric IDs, such as a fingerprint or voice print;
  • Full-face photographs and other photos of identifying characteristics; and
  • Any other unique identifying characteristic.

With your protected health information, hackers can commit medical identity theft. This means that they, or anyone on the dark web that they’ve sold your information to, can use it to receive free health care in your name. That would make you responsible for any medical bills that they have incurred. This may also lead to dangerous misinformation in your medical records, such as misdiagnosis, incorrect medical history, and medications you may not have taken. All these things can affect the care and treatment you receive the next time you need medical services.

If You Have Been Affected by the Legacy Operating Company, LLC d/b/a Legacy Hospice Data Breach, Console & Associates, P.C. Can Help

The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Legacy Hospice data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.

To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.

Below is a portion of the letter sent out to affected individuals:

Dear [Redacted],

We are writing with important information regarding a recent data security incident. The privacy and security of the personal and protected health information we maintain is of the utmost importance to Legacy Operating Company, LLC d/b/a Legacy Hospice.

We wanted to provide you with information about the incident, explain the services we are making available to you, and let you know that we continue to take significant measures to protect your information.

What Happened?

We have learned that an unauthorized individual may have obtained access to a limited number of employee email accounts on February 11, 2022 and between April 7, 2022 and April 21, 2022.

What We Are Doing.

We immediately launched an investigation, in consultation with outside cybersecurity professionals who regularly investigate and analyze these types of situations, to analyze the extent of any compromise of the email accounts and the security of the emails and attachments contained within them. We devoted considerable time and effort to determine what information was contained in the affected email accounts.

What Information Was Involved?

Based on our comprehensive investigation and document review, we discovered on November 7, 2022 that the compromised email account(s) contained certain identifiable personal and/or protected health information, including your full name and [Redacted].

What You Can Do.

To date, we are not aware of any reports of identity fraud or improper use of your information as a direct result of this incident.

Out of an abundance of caution, we wanted to make you aware of the incident, explain the services we are making available to help safeguard you against identity fraud, and suggest steps that you should take as well. To protect you from potential misuse of your information, we are offering a complimentary one-year membership in Equifax® Credit WatchTM Gold. Equifax® Credit WatchTM Gold is completely free to you and enrolling in this program will not hurt your credit score. For more information on identity theft prevention and Equifax® Credit WatchTM Gold, including instructions on how to activate your complimentary one year membership, please see the additional information provided in this letter.

This letter also provides other precautionary measures you can take to protect your personal information, including placing a Fraud Alert and/or Security Freeze on your credit files, and/or obtaining a free credit report. Additionally, you should always remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis.

For More Information.

Please accept our apologies that this incident occurred. We are committed to maintaining the privacy of personal and protected health information in our possession and have taken many precautions to safeguard it. We continually evaluate and modify our practices and internal controls to enhance the security and privacy of your personal and protected health information.

If you have any further questions regarding this incident, please call our dedicated and confidential toll-free response line that we have set up to respond to questions at [Redacted]. This response line is staffed with professionals familiar with this incident and knowledgeable on what you can do to protect against misuse of your information. The response line is available Monday through Friday, 9am to 9pm Eastern.

NOTICE: If you received a NOTICE OF DATA BREACH letter from Legacy Operating Company, LLC d/b/a Legacy Hospice, contact the attorneys at Console & Associates at (866) 778-5500 to discuss your legal options, or submit a confidential Case Evaluation form here.