Arkansas Total Care, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Arkansas Total Care, Inc. experienced a data breach due to a cyber incident involving their vendor, Ricoh USA, Inc. On July 26, 2023, Arkansas Total Care was informed that Ricoh encountered a cyber incident that resulted in unauthorized access to member information. The types of member information involved in the breach included names, addresses, dates of birth, member IDs, Medicaid IDs and/or eligibility status, gender, phone numbers, diagnoses/conditions, social security numbers, and claims information[1].
Ricoh reported the incident to the Department of Homeland Security and took immediate action to address the system vulnerability that led to the breach. They initiated an incident response plan, engaged cybersecurity firms with experience in such matters, and cooperated with the Arkansas Total Care investigation[1].
Arkansas Total Care took steps to notify all impacted members by sending letters and provided information on how members can protect their information. They also provided contact information for the three nationwide credit reporting companies and advised on additional steps members can take, such as placing a fraud alert on their credit files and monitoring their credit reports[1].
For residents of various states, Arkansas Total Care provided specific advice and contact details for state offices that could assist with identity theft and obtaining police reports. They also informed members of their right to file a police report in the event of identity theft or fraud[1].
Arkansas Total Care expressed regret for any concern or inconvenience caused by the event and emphasized their commitment to the privacy and security of protected health information. They encouraged members to contact them for more information regarding the breach[1].
The breach was also reported to the HHS’ Office for Civil Rights as affecting 578 individuals[10].
Citations:
- https://www.arkansastotalcare.com/newsroom/Ricoh_Data_Breach.html
- https://healthitsecurity.com/news/arkansas-hospital-notifies-patients-of-healthcare-data-breach
- https://www.humana.com
- https://www.arkansastotalcare.com
- https://www.ozarksfirst.com/news/new-retailer-gabes-coming-to-springfield/
- https://www.kait8.com/2021/03/13/total-life-healthcare-data-breached-ransomware-attack/
- https://topclassactions.com/lawsuit-settlements/open-lawsuit-settlements/aspen-dental-management-unsolicited-texts-class-action-settlement/
- https://www.arkansastotalcare.com/members/interoperability-and-patient-access.html
- https://www.jointcommission.org
- https://www.hipaajournal.com/oak-valley-hospital-district-cyberattack-impacts-284k-patients/
- https://www.nar.realtor/about-nar/governing-documents/code-of-ethics/2024-code-of-ethics-standards-of-practice
- https://www.idstrong.com/sentinel/arkansas-health-system-discloses-data-breach/
- https://member.carefirst.com
- https://www.linkedin.com/posts/joshua-mckeever-b80684214_breach-report-activity-7113537966366453760-f1CW?trk=public_profile_share_view
- https://www.osha.gov
- https://arkadelphian.com/2023/08/04/the-biggest-health-care-data-breaches-you-should-know-about-in-arkansas-stacker/
- https://www.tricare.mil