DotHouse Health Incorporated

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

DotHouse Health Incorporated, a healthcare provider based in Dorchester, Massachusetts, experienced a significant data breach that impacted approximately 10,000 patients. The breach was first detected in late November 2022 when DotHouse discovered suspicious activity on their network. An investigation revealed that an unauthorized party had accessed and likely downloaded patient data between October 21, 2022, and November 27, 2022[4]. The compromised information varied by individual but may have included full names, addresses, dates of birth, medical record numbers, diagnoses/conditions, medications, other treatment information, and claims data[1][4].

On January 27, 2023, DotHouse Health filed a notice of the data breach with the U.S. Department of Health and Human Services Office for Civil Rights. The breach notification letters began to be sent out to the affected individuals, informing them of the incident and the types of information that were potentially compromised[1]. The breach was part of a larger trend of healthcare data breaches, with DotHouse Health being one of several healthcare providers affected by hacking/IT incidents during that period[3].

The breach was attributed to the AlphV (aka BlackCat) ransomware group, which added DotHouse Health to their leak site in an attempt to pressure the organization into paying a ransom. However, as of the time of the report, there was no evidence that any patient data had been leaked online[4]. DotHouse Health took steps to secure its systems and launched an investigation with the help of third-party data review specialists. They also advised impacted patients to monitor their account statements, credit reports, and explanations of benefits for unusual activity[7].

In response to the breach, DotHouse Health has been enhancing its existing policies and procedures and implementing additional administrative and technical safeguards to improve information security[7]. The incident has also attracted the attention of legal professionals, with Migliaccio & Rathod LLP investigating DotHouse Health for the apparent failure to protect patient data[6].

This breach underscores the ongoing challenges healthcare providers face in securing patient information against unauthorized access and cyberattacks. It also highlights the importance of timely and transparent communication with affected individuals and the implementation of robust cybersecurity measures to prevent future incidents.

Citations:

  1. https://www.jdsupra.com/legalnews/dothouse-health-inc-announces-data-4952900/
  2. http://www.dorchesterhouse.org/Website%20Notice%20-1-27-23%20LogoB.htm
  3. https://www.hipaajournal.com/january-2023-healthcare-data-breach-report/
  4. https://www.databreaches.net/ma-dothouse-health-discloses-data-breach-has-yet-to-send-letters-to-patients/
  5. https://www.hipaajournal.com/hipaa-breaches/
  6. https://classlawdc.com/2023/02/14/dothealth_data_breach/
  7. https://healthitsecurity.com/news/nearly-63k-impacted-by-healthcare-data-breach-from-exploited-web-server
  8. https://www.hipaajournal.com/rise-interactive-media-analytics-dothouse-health-and-reventics-hacked/
  9. https://www.calhipaa.com/cyber-attacks-reported-by-rise-interactive-media-analytics-reventics-dothouse-health-and-commonspirit-health/
  10. https://www.linkedin.com/pulse/data-breach-dothouse-health-what-you-need-know-edward-technology?trk=organization_guest_main-feed-card_feed-article-content
  11. https://casetext.com/case/blank-v-united-states-13
Breach Submission Date Jan 27, 2023
Converted Entity Name DotHouse Health Incorporated
Converted Entity Type Healthcare Provider
State MA
Individuals Affected 10,000
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes