Arkansas Total Care, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Arkansas Total Care, Inc. experienced a data breach due to a cyber incident involving their vendor, Ricoh USA, Inc. On July 26, 2023, Arkansas Total Care was informed that Ricoh encountered a cyber incident that resulted in unauthorized access to member information. The types of member information involved in the breach included names, addresses, dates of birth, member IDs, Medicaid IDs and/or eligibility status, gender, phone numbers, diagnoses/conditions, social security numbers, and claims information[1].

Ricoh reported the incident to the Department of Homeland Security and took immediate action to address the system vulnerability that led to the breach. They initiated an incident response plan, engaged cybersecurity firms with experience in such matters, and cooperated with the Arkansas Total Care investigation[1].

Arkansas Total Care took steps to notify all impacted members by sending letters and provided information on how members can protect their information. They also provided contact information for the three nationwide credit reporting companies and advised on additional steps members can take, such as placing a fraud alert on their credit files and monitoring their credit reports[1].

For residents of various states, Arkansas Total Care provided specific advice and contact details for state offices that could assist with identity theft and obtaining police reports. They also informed members of their right to file a police report in the event of identity theft or fraud[1].

Arkansas Total Care expressed regret for any concern or inconvenience caused by the event and emphasized their commitment to the privacy and security of protected health information. They encouraged members to contact them for more information regarding the breach[1].

The breach was also reported to the HHS’ Office for Civil Rights as affecting 578 individuals[10].

Citations:

  1. https://www.arkansastotalcare.com/newsroom/Ricoh_Data_Breach.html
  2. https://healthitsecurity.com/news/arkansas-hospital-notifies-patients-of-healthcare-data-breach
  3. https://www.humana.com
  4. https://www.arkansastotalcare.com
  5. https://www.ozarksfirst.com/news/new-retailer-gabes-coming-to-springfield/
  6. https://www.kait8.com/2021/03/13/total-life-healthcare-data-breached-ransomware-attack/
  7. https://topclassactions.com/lawsuit-settlements/open-lawsuit-settlements/aspen-dental-management-unsolicited-texts-class-action-settlement/
  8. https://www.arkansastotalcare.com/members/interoperability-and-patient-access.html
  9. https://www.jointcommission.org
  10. https://www.hipaajournal.com/oak-valley-hospital-district-cyberattack-impacts-284k-patients/
  11. https://www.nar.realtor/about-nar/governing-documents/code-of-ethics/2024-code-of-ethics-standards-of-practice
  12. https://www.idstrong.com/sentinel/arkansas-health-system-discloses-data-breach/
  13. https://member.carefirst.com
  14. https://www.linkedin.com/posts/joshua-mckeever-b80684214_breach-report-activity-7113537966366453760-f1CW?trk=public_profile_share_view
  15. https://www.osha.gov
  16. https://arkadelphian.com/2023/08/04/the-biggest-health-care-data-breaches-you-should-know-about-in-arkansas-stacker/
  17. https://www.tricare.mil
Breach Submission Date Sep 21, 2023
Converted Entity Name Arkansas Total Care, Inc.
Converted Entity Type Health Plan
State AR
Individuals Affected 578
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes