Family Healthcare Center

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Family HealthCare Center in Fargo, North Dakota, experienced a data breach due to an incident at Brady Martz & Associates, its third-party service provider. The breach, which occurred on November 19, 2022, was detected promptly by Brady Martz, which then took immediate steps to secure its systems and engage independent cybersecurity experts. The breach affected over 53,000 individuals, including certain employees and patients of Family HealthCare[1][4][19].

Brady Martz & Associates, headquartered in North Dakota, provides tax-related services, audit and financial guidance, bookkeeping, and payroll assistance to clients across the country. The information potentially accessed during the incident included patient and/or employee names, dates of birth, ages, phone numbers, financial account information, health insurance information, patient account numbers, Social Security numbers, and information regarding care received at a Family HealthCare facility[1][4].

Family HealthCare reported the incident to the U.S. Department of Health and Human Services Office for Civil Rights, as required by law. The breach was officially listed on the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal with a submission date of January 11, 2024, indicating that 6,457 individuals were affected by a hacking/IT incident involving a network server[2].

In response to the breach, Brady Martz is notifying all impacted individuals by letter to inform them of the incident and to identify steps they can take to protect themselves from potential misuse of their information. These steps include contacting the three major credit reporting agencies to place a fraud alert on their credit reports and monitoring medical records and health insurance claims for any signs of medical identity theft[1][10].

Family HealthCare has also provided additional resources and recommendations for protecting personal information, such as placing a security freeze on credit files and filing a complaint with the Federal Trade Commission if personal information has been used fraudulently[1].

This incident underscores the importance of cybersecurity measures and the need for vigilance by both organizations and individuals in protecting sensitive personal and health information.

Citations:

  1. https://famhealthcare.org/data-breach/
  2. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  3. https://www.fiercehealthcare.com/health-tech/commonspirit-health-reported-it-security-incident-affecting-facilities-wash-neb-and
  4. https://www.databreaches.net/family-healthcare-notifying-patients-of-november-2022-breach-at-brady-martz-associates/
  5. https://famhealthcare.org
  6. https://www.hipaajournal.com/hipaa-violation-cases/
  7. https://beyondmachines.net/event_details/family-healthcare-center-reports-third-party-data-breach-d-t-b-f-f
  8. https://www.hipaajournal.com/2022-healthcare-data-breach-report/
  9. https://www.hhs.nd.gov/health/regulation-licensure-and-certification/health-facilities-unit/health-facility-concerns
  10. https://www.inforum.com/business/announcements/information-regarding-data-breach-5e83ae11f947440c4cb0b110-659f1c62e013b0bd726ab4be
  11. https://www.idstrong.com/sentinel/dhs-confirms-nearly-9-million-patients-exposed-by-pja/
  12. https://www.hipaajournal.com/july-2023-healthcare-data-breach-report/
  13. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
  14. https://hcahealthcare.com/about/privacy-update.dot
  15. https://www.hipaajournal.com/singing-river-health-system-ransomware/
  16. https://www.hipaajournal.com/may-2023-healthcare-data-breach-report/
  17. https://attorneygeneral.nd.gov/consumer-resources/data-breach-notices/
  18. https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches
  19. https://www.calhipaa.com/data-breaches-at-singing-river-health-system-fincantieri-marine-group-highlands-oncology-group-family-healthcare-and-senior-scripts/
  20. https://www.hhs.nd.gov/hipaa
Breach Submission Date Jan 11, 2024
Converted Entity Name Family Healthcare Center
Converted Entity Type Healthcare Provider
State ND
Individuals Affected 6,457
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes