Posted On February 14, 2023 Consumer Privacy & Data Breaches
February 14, 2023 – Rise Interactive Media & Analytics, LLC filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights on February 3, 2023, after discovering that an unauthorized party had accessed the confidential information of patients with RGH Enterprises, Inc, dba Edgepark Medical Supplies. Per the filing, the patient information that was accessed was full names, protected health information, insurance information, phone numbers, and email addresses. Rise confirmed the leak had impacted 54,509 individuals and began sending out notification letters.
At Console & Associates, P.C., data breach lawyers are actively investigating the breach at Rise. If you have received a notification letter, your information may now be in the hands of those wishing to do you harm in the form of fraud or identity theft. To learn more about what you can do to protect yourself now and whether you may be able to pursue a data breach lawsuit against Rise Interactive, we are offering free consultations.
Rise Interactive Media & Analytics is a digital marketing agency specializing in digital media, customer experience services, and analytics. Established in 2004 in Chicago, Illinois, Rise is a subsidiary of Quad, a large media services corporation located in Sussex, Wisconsin. Rise Interactive has over 229 employees and generates approximately $117 million in revenue annually. Quad employs over 15,000 people and generates about $3.2 billion annually.
According to filing with the U.S. Department of Health and Human Services Office for Civil Rights and a data breach notification letter by Edgepark Medical Supplies, Rise Interactive discovered that an unauthorized party had gained access to the confidential information of Edgepark Medical Supplies’ patients on November 14, 2022, Rise Interactive informed Edgepark of the incident on December 5, 2023. As a result, Rise launched an investigation with the help of cybersecurity specialists after informing law enforcement.
After the investigation was concluded, it was confirmed that an unauthorized party had gained access to the company’s computer network and confidential patient information, such as full names, protected health information, insurance information, phone numbers, and email addresses had been leaked, though the information varies by individual.
On February 3, 2023, Edgepark Medical Supplies sent data breach notification letters to all individuals affected.
You might wonder what a hacker would want to do with your protected health information or even what it is.
The Health Insurance Portability and Accountability Act of 1996, also known as HIPAA, protects only specific health information. HIPAA identifies and controls all protected health information (PHI). According to its “Privacy Rule,” PHI is:
“All individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.”
There are 18 identifiers that HIPAA considers protected, including:
With your protected health information, hackers can commit medical identity theft. This means that they, or anyone on the dark web that they’ve sold your information to, can use it to receive free health care in your name. That would make you responsible for any medical bills that they have incurred. This may also lead to dangerous misinformation in your medical records, such as misdiagnosis, incorrect medical history, and medications you may not have taken. All of these things can affect the care and treatment you receive the next time you require medical services.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Rise Interactive Media & Analytics, LLC data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the letter sent out to affected individuals:
Dear [Redacted],
RGH Enterprises, Inc. d/b/a Edgepark Medical Supplies (“Edgepark”) is committed to protecting the security and confidentiality of our patients’ information. We are writing to inform you of a recent incident experienced at one of our vendors, Rise Interactive Media & Analytics, LLC (“Rise”), involving some of your information. While we have no indication that your information has been misused, this letter contains information about the incident, steps we have taken in response, and steps you can take. Rise is a digital marketing agency that works with clients across various industries, including healthcare.
What Happened? On December 5, 2022, Rise informed us that it had identified a data security incident within its systems on November 14, 2022. Upon learning of this incident, Rise reported it to law enforcement and began an investigation with outside cybersecurity professionals. Although the investigation is ongoing, Rise learned that certain files may have been accessed or acquired as a result of this incident. On December 2, 2022, Rise identified that one of those files included Edgepark’s patient information, provided to Rise in connection with its services.
What Information Was Involved? The file potentially involved included your name, email address, phone number, provider information, diagnosis, expected delivery date and health insurance information. Your Social Security number, financial account information, and your payment card information were not involved in this incident.
Importantly, this incident did not involve any access to Edgepark’s systems, network, or electronic health records. This incident occurred on Rise’s systems and was not targeted at Edgepark.
What We Are Doing. We deeply regret any inconvenience or concern this incident may cause you. To help prevent something like this from occurring in the future, Rise has assured us that it will continue to evaluate and modify its practices and internal controls to enhance the security and privacy of personal information.
What You Can Do. We wanted to advise you of the incident and assure you that we take it very seriously. As a precaution, we recommend that you review the statements that you receive from your health insurer. If you see services that you did not receive, please contact the insurer immediately.
For More Information. If you have any questions, please call [Redacted], Monday through Friday from 9:00 a.m. to 6:30 p.m Eastern Time (excluding major U.S. holidays).
