Eventus WholeHealth PLLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Eventus WholeHealth, PLLC, a healthcare provider based in Concord, North Carolina, experienced a data breach after an unauthorized party gained access to an employee’s email account. The breach was officially reported to the Attorney General of Montana on October 6, 2022, following the detection of suspicious activity on June 1, 2022. Eventus WholeHealth confirmed the unauthorized access on August 17, 2022, which compromised sensitive consumer information contained in emails and attachments. The specific types of information leaked have not been disclosed, but based on Montana’s data breach reporting requirements, it likely included Social Security numbers, financial account information, protected health information, or driver’s license/state identification numbers.

Eventus WholeHealth responded to the breach by terminating unauthorized access, engaging an external cybersecurity firm for investigation, and reviewing affected files to identify impacted consumers. Data breach notification letters were sent to all affected individuals, advising them on how to protect themselves from potential identity theft and fraud. The company, formed from a merger between OnsiteCare, Extended Care Specialist, and DoctorsMakingHouseCalls, specializes in providing primary care and mental health services to medically vulnerable adults in various living facilities. Employing over 311 people, Eventus WholeHealth generates approximately $13 million in annual revenue[1].

Montana law requires businesses to notify affected consumers if their personal information is compromised and to send a copy of this notification to the Office of Consumer Protection. This law aims to protect residents from the damaging and costly effects of data breaches, which can result from intentional hacking, criminal cyber-attacks, or human error[2].

For individuals who received a data breach notification, it is crucial to understand the risks and take appropriate measures to safeguard against fraud or identity theft. This may include monitoring account statements and credit reports, changing passwords, and considering legal options[1].

Citations:

  1. https://www.jdsupra.com/legalnews/eventus-wholehealth-pllc-reports-data-6515908/
  2. https://dojmt.gov/consumer/databreach/
  3. https://www.flashintel.ai/companies/Eventus-WholeHealth-f0900eb4a29021f0f61c998cf0e64b47/
  4. https://www.turkestrauss.com/2022/10/07/eventus-wholehealth-data-breach-investigation/
  5. https://oig.hhs.gov/fraud/enforcement/eventus-wholehealth-agreed-to-pay-327000-for-allegedly-violating-the-civil-monetary-penalties-law-by-submitting-claims-for-services-that-were-not-rendered-or-were-medically-unnecessary/
  6. https://www.databreaches.net/eventus-wholehealth-notifies-patients-of-breach/
  7. https://classlawdc.com/2022/10/17/mr-investigates-eventus-data-breach/
  8. https://eventuswholehealth.com
  9. https://eventuswholehealth.com/terms-conditions/
  10. https://www.hipaajournal.com/visionweb-data-breach-affects-up-to-35900-individuals/
Breach Submission Date Jul 29, 2022
Converted Entity Name Eventus WholeHealth PLLC
Converted Entity Type Healthcare Provider
State NC
Individuals Affected 1,707
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes