Posted On December 30, 2022 Consumer Privacy & Data Breaches
December 30, 2022 – After a ransomware attack exposed sensitive patient information in their possession, Monarch filed notice of a data breach with the Massachusetts Attorney General and the U.S. Department of Health and Human Services Office for Civil Rights on December 16, 2022. According to the filing, an unauthorized party gained access to patient information such as full names, Social Security numbers, and protected health information. Once confirmed that there was a consumer data leak, Monarch sent out notification letters to all 56,155 individuals affected by the data security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Monarch data breach. If you have received a breach notification and are interested in learning about the risks of identity theft and what you can do to protect yourself, we are offering free consultations where we can discuss your legal options for receiving compensation from Monarch.
Monarch is a healthcare provider that provides patients with mental illness, substance abuse disorders, and intellectual and developmental abilities with services like long-term support, care management, and behavioral health services. Originally founded in 1958 in Albemarle, North Carolina, Monarch now employs over 1,886 people and generates approximately $86 million in revenue annually.
According to filings with the Massachusetts Attorney General and the U.S. Department of Health and Human Services Office for Civil Rights, Monarch determined that it had been the target of a ransomware attack on August 29, 2022. The company does not reveal further details on how the incident came to be. The company began working with third-party forensic specialists to investigate the attack and determine what consumer information had been leaked. The investigation was concluded on November 22, 2022.
After learning that the consumer data was exposed to a third party, Monarch’s next step was to review the files and determine what information was made available. The types of information exposed were full names, Social Security numbers, and protected health information. While not consistent with each individual, any or all of the information listed may have been leaked due to the attack.
On December 26, 2022, Monarch sent out letters to all individuals whose information had been compromised.
If you receive a notice of a data breach from Monarch, it means your personal information was included in the data breach. full names, Social Security numbers, and protected health information may now be in the hands of an unknown party.
As a victim of a breach, you might be wondering what a hacker can do with the information obtained. Social Security numbers are often used to commit identity theft by those that stole the information. Combined with protected health information, a criminal may seek free healthcare using a victim’s identity. They may also sell the information on the dark web for others to use. That can leave a victim stuck with medical bills that don’t belong to them or a medical history that’s been compromised by a criminal using their identity.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Monarch data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by Monarch (the actual notice sent to consumers can be found here):
Dear [Redacted],
Monarch is writing to inform you of a recent incident that may affect the privacy of some of your information as described below. While we have no evidence of attempted or actual misuse of your information as a result of this incident, out of an abundance of caution, we are providing you with information about the incident, our response, and steps you can take to help protect your information.
What Happened: On August 29, 2022, Monarch became aware that we were victimized by a sophisticated ransomware attack that impacted our network. Upon discovery, we immediately took steps to secure our network and promptly began an investigation, aided by third-party forensic specialists, to confirm the nature and scope of the incident. We also reported this incident to federal law enforcement. Through the investigation, it was determined that, as part of the cyber-attack, certain files may have been subject to unauthorized access. As a result, we undertook a comprehensive and time-intensive process to identify what type of information may have been contained within the potentially impacted files, and to whom that information belonged. That process was completed on November 22, 2022. We are now notifying those individuals whose information was potentially impacted by the incident.
What Information Was Involved: The information believed to potentially be at risk includes your first and last name, in combination with the following: [Redacted].
What We Are Doing: Upon discovery, we immediately engaged third-party forensic specialists to fully investigate this matter. Out of an abundance of caution, we have arranged for you to activate, at no cost to you, an online credit monitoring service for [Redacted] months provided by IDX. Due to privacy laws, we cannot activate these services for you directly.
Additional information regarding how to activate the complimentary credit monitoring service is enclosed. We have also provided additional information about steps you can take to help protect yourself against fraud and identity theft. Please note the deadline to enroll is March 16, 2023.
What You Can Do: We recommend that you remain vigilant in regularly reviewing and monitoring all of your account statements, explanation of benefits statements, and credit history to guard against any unauthorized transactions or activity.
If you discover any suspicious or unusual activity on your accounts, please promptly contact your financial institution or company. Additionally, you can enroll to receive the complimentary credit monitoring service we are making available to you. You can also review the enclosed “Steps You Can Take to Help Protect Your Information” for additional resources.
For More Information: Should you have additional questions or concerns regarding this matter, please do not hesitate to contact us at 1-833-758-4500, Monday through Friday from 9 am – 9 pm Eastern Time.
We take the privacy and security of the information in our care seriously, and sincerely regret any worry or inconvenience this incident may cause you and your family.
