Avem Health Partners
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Avem Health Partners, an Oklahoma-based company providing administrative and technology services to healthcare organizations, experienced a significant data breach due to a cybersecurity incident at 365 Data Centers, a vendor used by a third-party service provider engaged by Avem. The breach was first detected by 365 Data Centers on May 16, 2022, with unauthorized access to their servers occurring prior to May 14, 2022. Avem was notified of this incident on September 9, 2022, and subsequently conducted a review of the files stored on the affected servers. This review, completed on October 6, 2022, revealed that sensitive patient information was compromised, including names, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, and details regarding diagnosis and treatment[1].
The breach has impacted over 270,000 individuals, making it a significant incident in terms of scale and sensitivity of the data involved[3]. In response to the breach, Avem Health Partners has begun the process of mailing letters to affected patients and offering complimentary credit monitoring and identity theft protection services to those whose Social Security numbers or driver’s license numbers were involved. A dedicated toll-free call center has also been established to address patient inquiries[1].
Legal actions have been initiated in response to the breach. Oklahoma-based law firm Federman & Sherwood filed the first data breach class action lawsuit against Avem Health Partners, indicating the legal ramifications and the seriousness of the breach[7]. Investigations into the breach are ongoing, with law firms and possibly regulatory bodies examining the circumstances that led to the incident and the measures taken by Avem Health Partners and its vendors to protect sensitive patient information[2][3].
This incident underscores the vulnerabilities in the healthcare sector to cyberattacks, especially those involving third-party vendors. It also highlights the importance of robust cybersecurity measures and the need for continuous evaluation of vendor relationships and their security practices to protect sensitive health information[4][5].
Citations:
- https://avemhealth.com/AvemWebsiteNotice.pdf
- https://www.businesswire.com/news/home/20221219005654/en/Federman-Sherwood-Investigates-Avem-Health-Partners-for-Data-Breach
- https://www.thelyonfirm.com/blog/avem-health-partners-data-breach-investigation/
- https://www.paubox.com/blog/avem-health-partners-experienced-a-third-party-breach
- https://healthitsecurity.com/news/third-party-data-breach-impacts-271k-at-oklahoma-healthcare-administrative-tech-services-company
- https://www.jdsupra.com/legalnews/avem-health-partners-files-notice-of-3638798/
- https://www.businesswire.com/news/home/20221229005293/en/Oklahoma-based-Law-Firm-Federman-Sherwood-Files-First-Data-Breach-Class-Action-Lawsuit-Against-Avem-Health-Partners-Inc.
- https://www.idstrong.com/data-breaches/avem-health-breach/
- https://shublawyers.com/current-cases/avem-data-breach/
- https://www.hipaajournal.com/avem-health-partners-emory-healthcare-data-breaches/