CompleteCare Health Network

CompleteCare Health Network (CCHN), a healthcare provider based in Bridgeton, New Jersey, experienced a significant cybersecurity incident in October 2023. On or around October 12, 2023, CCHN detected and stopped a sophisticated ransomware attack in which an unauthorized third party accessed some of the network’s computer systems[1][4][6][8]. The attackers may have exfiltrated personal data during the incident[1][6][8].

The data compromised in the breach varied by individual but may have included names, Social Security numbers, phone numbers, addresses, and medical information[2][4]. Over 313,000 individuals were potentially affected by the breach[2][8]. In response to the incident, CompleteCare Health Network disconnected the affected systems, initiated response protocols, and engaged third-party forensic specialists to secure the network and investigate the extent of the unauthorized activity[1][4][6].

CompleteCare Health Network began mailing notification letters to affected individuals on December 15, 2023[1][2][4][6][8]. The letters included a list of specific data elements that were impacted and offered complimentary credit monitoring and identity theft protection services to individuals whose personal identifiable information (PII) may have been compromised[1][6]. The network also revised its policies and procedures, network security software, and data storage and management practices. Additionally, the network environment has been under 24/7 monitoring by cybersecurity experts to mitigate the chance of a future incident[1].

The incident was reported to federal law enforcement for investigation[1][6]. To date, CompleteCare Health Network is unaware of any misuse of the involved information[1][6]. The healthcare provider operates several facilities across New Jersey and offers a range of healthcare-related services, including primary care, dental care, immunizations, and HIV services[2][4].

A class action lawsuit has been filed against CompleteCare Health Network over the cyberattack, alleging negligence in the protection of sensitive data and criticizing the delay in notifying affected individuals[16]. The lawsuit seeks to hold CCHN responsible for the breach and its consequences, including the potential risk of fraud and identity theft for the victims[5][16].

Citations:

1. https://completecarenj.org/about-completecare-nj/notice-of-cybersecurity-incident/
2. https://www.thelyonfirm.com/blog/completecare-health-network-data-breach-investigation/
3. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
4. https://www.jdsupra.com/legalnews/completecare-health-network-files-3534931/
5. https://www.classaction.org/media/bixler-v-completecare-health-network.pdf
6. https://www.prnewswire.com/news-releases/completecare-health-network-provides-notice-of-cybersecurity-incident-302017035.html
7. https://www.hipaajournal.com/december-2023-healthcare-data-breach-report/
8. https://www.hipaajournal.com/completecare-health-network-data-breach/
9. https://www.itgovernanceusa.com/blog/cyber-security-and-data-privacy-in-the-usa-january-1-7-2024
10. https://www.myinjuryattorney.com/completecare-health-network-data-breach-class-action-investigation-and-lawsuit-assistance/
11. https://www.nj.com/healthfit/2023/08/nj-hospital-data-breach-possibly-impacts-thousands-but-details-remain-scarce.html
12. https://www.forthepeople.com/blog/complete-care-health-network-data-breach-affects-over-300000-patients/
13. https://trellis.law/doc/201098730/motion-to-quash-submitted-by-ivory-alicia-r-costello-mains-llc-on-behalf-latia-colvin-against-azizeh-salloum-cn-complete-care-healthntwrk-cn-john-does-6-10-john-does-1-5-linked-filing
14. https://www.jdsupra.com/legalnews/complete-care-health-network-3874547/
15. https://www.myinjuryattorney.com/sysco-corporation-data-breach/
16. https://www.classaction.org/news/completecare-health-network-hit-with-class-action-over-cyberattack-announced-in-december-2023