Family Healthcare Center
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Family HealthCare Center in Fargo, North Dakota, experienced a data breach due to an incident at Brady Martz & Associates, its third-party service provider. The breach, which occurred on November 19, 2022, was detected promptly by Brady Martz, which then took immediate steps to secure its systems and engage independent cybersecurity experts. The breach affected over 53,000 individuals, including certain employees and patients of Family HealthCare[1][4][19].
Brady Martz & Associates, headquartered in North Dakota, provides tax-related services, audit and financial guidance, bookkeeping, and payroll assistance to clients across the country. The information potentially accessed during the incident included patient and/or employee names, dates of birth, ages, phone numbers, financial account information, health insurance information, patient account numbers, Social Security numbers, and information regarding care received at a Family HealthCare facility[1][4].
Family HealthCare reported the incident to the U.S. Department of Health and Human Services Office for Civil Rights, as required by law. The breach was officially listed on the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal with a submission date of January 11, 2024, indicating that 6,457 individuals were affected by a hacking/IT incident involving a network server[2].
In response to the breach, Brady Martz is notifying all impacted individuals by letter to inform them of the incident and to identify steps they can take to protect themselves from potential misuse of their information. These steps include contacting the three major credit reporting agencies to place a fraud alert on their credit reports and monitoring medical records and health insurance claims for any signs of medical identity theft[1][10].
Family HealthCare has also provided additional resources and recommendations for protecting personal information, such as placing a security freeze on credit files and filing a complaint with the Federal Trade Commission if personal information has been used fraudulently[1].
This incident underscores the importance of cybersecurity measures and the need for vigilance by both organizations and individuals in protecting sensitive personal and health information.
Citations:
- https://famhealthcare.org/data-breach/
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://www.fiercehealthcare.com/health-tech/commonspirit-health-reported-it-security-incident-affecting-facilities-wash-neb-and
- https://www.databreaches.net/family-healthcare-notifying-patients-of-november-2022-breach-at-brady-martz-associates/
- https://famhealthcare.org
- https://www.hipaajournal.com/hipaa-violation-cases/
- https://beyondmachines.net/event_details/family-healthcare-center-reports-third-party-data-breach-d-t-b-f-f
- https://www.hipaajournal.com/2022-healthcare-data-breach-report/
- https://www.hhs.nd.gov/health/regulation-licensure-and-certification/health-facilities-unit/health-facility-concerns
- https://www.inforum.com/business/announcements/information-regarding-data-breach-5e83ae11f947440c4cb0b110-659f1c62e013b0bd726ab4be
- https://www.idstrong.com/sentinel/dhs-confirms-nearly-9-million-patients-exposed-by-pja/
- https://www.hipaajournal.com/july-2023-healthcare-data-breach-report/
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
- https://hcahealthcare.com/about/privacy-update.dot
- https://www.hipaajournal.com/singing-river-health-system-ransomware/
- https://www.hipaajournal.com/may-2023-healthcare-data-breach-report/
- https://attorneygeneral.nd.gov/consumer-resources/data-breach-notices/
- https://www.ekransystem.com/en/blog/real-life-examples-insider-threat-caused-breaches
- https://www.calhipaa.com/data-breaches-at-singing-river-health-system-fincantieri-marine-group-highlands-oncology-group-family-healthcare-and-senior-scripts/
- https://www.hhs.nd.gov/hipaa