Foundcare, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
FoundCare, Inc. Data Breach
FoundCare, Inc., a community health center located in West Palm Beach, Florida, experienced a data breach that was first identified on September 2, 2022, when suspicious activity was detected within its email environment. The organization responded by engaging cybersecurity experts to conduct a thorough investigation. The investigation concluded on October 18, 2022, and confirmed that an unauthorized party had gained access to several employee email accounts[1][4].
Breach Details
The data breach at FoundCare, Inc. impacted 14,194 patients. The types of information that may have been compromised include:
-
First and last names
-
Addresses
- Email addresses
- Credit card numbers
- Social Security numbers
- Protected health information
- Dates of birth
- Passport numbers
- Other unique identification numbers issued on a government document used to verify identity[1][4].
Response and Measures Taken
Upon discovering the breach, FoundCare, Inc. sent out data breach letters to all affected individuals on December 16, 2022, informing them of the incident and advising them on how to protect themselves from identity theft and other potential frauds. The organization has also implemented additional security measures, such as:
-
Turning on Multi-Factor Authentication (MFA) for all users of FoundCare.org
-
Blocking all basic authentication methods for FoundCare.org users
- Turning on an Outlook security feature that alerts users when receiving an email from a new address
- Reviewing all firewalls to ensure no unregulated access
- Continuous phishing awareness training for all staff[4].
Furthermore, FoundCare is offering complimentary credit monitoring and identity theft protection services to the potentially affected individuals[4].
Legal and Compliance Aspects
FoundCare, Inc. has reported the data breach to the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR), as required by law. The organization has also notified at least one state Attorney General to ensure that the public can begin to protect itself[11]. If the investigation reveals that FoundCare was negligent in handling patient information, affected individuals may have the option to pursue a data breach lawsuit against the company[1].
Recommendations for Affected Individuals
FoundCare, Inc. encourages all individuals to remain vigilant against incidents of identity theft and fraud, to review their account statements, and to monitor their credit reports for suspicious or unauthorized activity. They also recommend contacting financial institutions and major credit bureaus to inform them of the incident and to follow any recommended steps, which may include placing a fraud alert on the individual’s account[4].
Contact Information
For more information or questions about the incident, affected individuals can contact FoundCare, Inc. directly or utilize the dedicated toll-free helpline provided by the organization[4].
Citations:
- https://www.jdsupra.com/legalnews/foundcare-inc-files-notice-of-data-6627780/
- https://foundcare.org/compliance
- https://healthitsecurity.com/news/louisiana-health-system-notifies-270k-of-healthcare-data-breach
- https://foundcare.org/images/pdf/Notice_of_Data_Security_Incident.pdf
- https://foundcare.org/images/FINAL_Notice_of_Privacy_Practices_8.5X11.pdf
- https://www.hipaajournal.com/december-2022-healthcare-data-breach-report/
- https://foundcare.org/rivierabeach
- https://www.wfla.com/news/florida/nearly-10-of-floridians-had-health-records-hacked-in-2022-hhs-reports/
- https://www.wfla.com/news/florida/the-biggest-health-care-data-breaches-you-should-know-about-in-florida/
- https://www.hipaajournal.com/lake-charles-memorial-health-system-cyberattack-affects-almost-270000-patients/
- https://colevannote.com/data-breach-foundcare-inc/
- https://networkassured.com/security/worst-us-states-for-data-breaches/
- https://stacker.com/florida/biggest-health-care-data-breaches-you-should-know-about-florida