Recently, the medical billing company, Medical Healthcare Solutions, Inc., announced a “cyber incident” in which an unauthorized party obtained certain documents stored on the company’s system. As a result of the Medical Healthcare Solutions, Inc. data breach, the personal and protected health information (“PHI”) information of certain individuals was compromised.
News of the Medical Healthcare Solutions data breach just broke, and details of the event are still sparse. However, the data breach lawyers at Console & Associates, P.C. are actively investigating the security breach. If an investigation reveals that Medical Healthcare Solutions failed to ensure the safety of consumer data leading up to the breach, the company may be liable through a data breach class action lawsuit.
Cyberattacks such as this one are increasingly common in today’s society. Today more than ever, businesses store data electronically. While there are certainly many ways to protect against cyberthreats, hackers have ways of identifying vulnerabilities in data security systems, which they can then exploit.
When a hacker breaches a company’s computer systems, they can steal sensitive consumer information from the compromised systems. While there is no guarantee that this information will be used for criminal purposes, that is not an uncommon occurrence. Thus, as a matter of course, after a company experiences a data breach, they will inform anyone whose information was compromised. Despite the risks data breaches present, many consumers fail to take precautionary measures to protect themselves from identity theft and other frauds.
Those impacted by a data breach should be sure they understand what happened, what their rights are, and how they can pursue them.
Can Consumers Whose Data Was Leaked Pursue Legal Action Against a Company?
When you allowed Medical Healthcare Solutions access to your personal data, you trusted the company to keep your sensitive information safe. However, news of the Medical Healthcare Solutions data breach raises some very serious questions about the school’s data security measures and whether the company could have done more to prevent this type of cyber-attack.
Regardless of the industry, all businesses have a legal obligation to protect consumer information in their possession. Although creating and maintaining a data security system is costly, this is a necessary expense given the frequency with which cyberattacks occur.
Consumers whose personal, identifying, financial or healthcare-related data was compromised in a data breach can pursue legal action against a company that misused or mishandled their information. However, the investigation into the Medical Healthcare Solutions breach is only in its beginning phases. For that reason, it is too early to tell if Medical Healthcare Solutions was legally responsible for the breach. However, our data breach attorneys are investigating the Medical Healthcare Solutions security breach to determine the potential legal remedies of those affected.
If you have questions about your ability to pursue a data breach class action lawsuit against Medical Healthcare Solutions, contact a data breach attorney as soon as possible.
What to Do If You Received a Data Breach Notification from Medical Healthcare Solutions
If you receive a data breach notification from Medical Healthcare Solutions in the coming weeks, it means your personal data was among that which was compromised in the recent cyberattack. It also means a cybercriminal had access to—and may have stolen—your personal data. Given the risks involved, it is important you remain vigilant by taking the following steps:
1.) Carefully read the data breach letter sent by Medical Healthcare Solutions to determine what information was accessible;
2.) Make a copy of the letter for your records;
3.) Enroll in the free credit monitoring service provided by Medical Healthcare Solutions;
4.) Change all your online passwords and security questions;
5.) Enable two-factor or multi-factor authentication, where it is available;
6.) Regularly review your credit card and bank account statements for any signs of suspicious activity;
7.) Monitor your credit report for any unexpected changes that may be a sign of identity theft;
8.) Contact one of the major credit bureaus to request they add a fraud alert to your profile; and
9.) Notify your banks and credit card companies of the data breach.
While placing a credit freeze on your accounts may initially seem like a drastic measure, according to the Identity Theft Resource Center (“ITRC”), doing so is the “single most effective way to prevent a new credit/financial account from being opened.” However, ITRC reports that just 3% of consumers whose information is leaked place a freeze on their accounts.
About Medical Healthcare Solutions
Medical Healthcare Solutions, Inc. (“MHS”) is a medical billing and practice management company based out of Andover, Massachusetts. The company was founded in 1991, and specializes in assisting physicians and practice groups in the following practice areas: cardiology, chiropractic, dermatology, family practice, general surgery, internal medicine, obstetrics/gynecology, oncology, ophthalmology, orthopedics, pain management, pediatrics, physiatrist, physical therapy, plastic surgery, podiatry, psychiatry, psychology, pulmonary, gastroenterology, transplants, neurosurgery, interventional radiology, urology and vascular surgery.
The Details of the MHS, Inc. Data Breach
According to an official notice filed by the company, on November 19, 2021, Medical Healthcare Solutions, Inc. learned that an unauthorized party may have accessed and removed certain files from the company’s servers. Once Medical Healthcare Solutions learned of the possible cyberattack, it initiated an internal investigation. The investigation confirmed that the company was the victim of a cyberattack and that certain files were accessible between the dates of October 1 and October 4, 2021.
Upon learning of the extent of the security breach, Medical Healthcare Solutions then reviewed the affected files to determine what information was compromised. On January 8, 2022, the company confirmed that the information may have included certain consumers’ protected health information. While the compromised information varies by consumer, it may include their name, address, date of birth, sex, phone number, email address, Social Security number, driver’s license/state ID number, financial account number, routing number, payment card number, card CVV/expiration, diagnosis/treatment information, procedure type, provider name, prescription information, date of service, medical record number, patient account number, insurance ID number, insurance group number, claim number, insurance plan name, provider ID number, procedure code, treatment cost, and diagnosis code.
On January, 21 2022, Medical Healthcare Solutions began sending out data breach notification letters to all individuals whose information was contained in the affected files.
Below is a copy of the initial data breach letter issued by Medical Healthcare Solutions (the actual notice sent to consumers can be found here):
This letter serves as notification from Medical Healthcare Solutions, Inc. (MHS), which provides surgical billing services to physician groups, that a recent cyber incident by an unauthorized individual on our network may have affected the privacy of some of your Protected Health Information (PHI). The privacy and security of the personal information we maintain is of the utmost importance to MHS. We are providing the following details of the incident and steps taken to provide you with increased protection and ongoing support.
What Happened? On November 19, 2021, MHS discovered that an unauthorized party removed certain files from our network between October 1 and 4, 2021. After an extensive forensic investigation, on January 8, 2022, MHS identified a final list of impacted PHI, which included your information.
What We Are Doing. MHS immediately locked down our network data system, launched a comprehensive investigation utilizing third-party computer specialists, and notified law enforcement. MHS has since stabilized and reopened the network, and implemented additional security measures to further protect our data system.
What Information Was Involved? The impacted PHI data may have included your name and the following information from medical care that you received from the physicians group <>. The impacted PHI includes: <>.
<> provides physician services at the following hospitals where you may have received care, including but not limited to: Beth Israel Deaconess Medical Center, Beth Israel Deaconess Hospital – Plymouth, Beth Israel Deaconess Hospital – Needham, Beth Israel Deaconess Hospital – Milton, Anna Jaques Hospital, and Mount Auburn Hospital.
What You Can Do. MHS is providing potentially impacted individuals free access to 24 months of credit monitoring and identity protection services. Information about how to enroll in these services is included in the attached Steps You Can Take To Protect Your Information. This letter also provides other precautionary measures you can take to protect your personal information, including placing a Fraud Alert or Security Freeze on your credit files, and obtaining a free credit report. In addition, we are offering best practices to protect your medical information.
For More Information. Protecting the privacy of PHI is the top priority for MHS. We apologize for any concerns this situation may have caused you. We will continue to take every precaution to protect your personal information, and support your ability to monitor and protect your information moving forward.
MHS has also established a dedicated assistance line at 855-675-3125, 9am – 9pm Eastern Time, Monday through Friday (excluding major U.S. holidays), or you may write to us at P.O. Box 3160, Andover, MA 01810-0803.