DotHouse Health Incorporated
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
DotHouse Health Incorporated, a healthcare provider based in Dorchester, Massachusetts, experienced a significant data breach that impacted approximately 10,000 patients. The breach was first detected in late November 2022 when DotHouse discovered suspicious activity on their network. An investigation revealed that an unauthorized party had accessed and likely downloaded patient data between October 21, 2022, and November 27, 2022[4]. The compromised information varied by individual but may have included full names, addresses, dates of birth, medical record numbers, diagnoses/conditions, medications, other treatment information, and claims data[1][4].
On January 27, 2023, DotHouse Health filed a notice of the data breach with the U.S. Department of Health and Human Services Office for Civil Rights. The breach notification letters began to be sent out to the affected individuals, informing them of the incident and the types of information that were potentially compromised[1]. The breach was part of a larger trend of healthcare data breaches, with DotHouse Health being one of several healthcare providers affected by hacking/IT incidents during that period[3].
The breach was attributed to the AlphV (aka BlackCat) ransomware group, which added DotHouse Health to their leak site in an attempt to pressure the organization into paying a ransom. However, as of the time of the report, there was no evidence that any patient data had been leaked online[4]. DotHouse Health took steps to secure its systems and launched an investigation with the help of third-party data review specialists. They also advised impacted patients to monitor their account statements, credit reports, and explanations of benefits for unusual activity[7].
In response to the breach, DotHouse Health has been enhancing its existing policies and procedures and implementing additional administrative and technical safeguards to improve information security[7]. The incident has also attracted the attention of legal professionals, with Migliaccio & Rathod LLP investigating DotHouse Health for the apparent failure to protect patient data[6].
This breach underscores the ongoing challenges healthcare providers face in securing patient information against unauthorized access and cyberattacks. It also highlights the importance of timely and transparent communication with affected individuals and the implementation of robust cybersecurity measures to prevent future incidents.
Citations:
- https://www.jdsupra.com/legalnews/dothouse-health-inc-announces-data-4952900/
- http://www.dorchesterhouse.org/Website%20Notice%20-1-27-23%20LogoB.htm
- https://www.hipaajournal.com/january-2023-healthcare-data-breach-report/
- https://www.databreaches.net/ma-dothouse-health-discloses-data-breach-has-yet-to-send-letters-to-patients/
- https://www.hipaajournal.com/hipaa-breaches/
- https://classlawdc.com/2023/02/14/dothealth_data_breach/
- https://healthitsecurity.com/news/nearly-63k-impacted-by-healthcare-data-breach-from-exploited-web-server
- https://www.hipaajournal.com/rise-interactive-media-analytics-dothouse-health-and-reventics-hacked/
- https://www.calhipaa.com/cyber-attacks-reported-by-rise-interactive-media-analytics-reventics-dothouse-health-and-commonspirit-health/
- https://www.linkedin.com/pulse/data-breach-dothouse-health-what-you-need-know-edward-technology?trk=organization_guest_main-feed-card_feed-article-content
- https://casetext.com/case/blank-v-united-states-13