Foundcare, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

FoundCare, Inc. Data Breach

FoundCare, Inc., a community health center located in West Palm Beach, Florida, experienced a data breach that was first identified on September 2, 2022, when suspicious activity was detected within its email environment. The organization responded by engaging cybersecurity experts to conduct a thorough investigation. The investigation concluded on October 18, 2022, and confirmed that an unauthorized party had gained access to several employee email accounts[1][4].

Breach Details

The data breach at FoundCare, Inc. impacted 14,194 patients. The types of information that may have been compromised include:

  • First and last names

  • Addresses

  • Email addresses
  • Credit card numbers
  • Social Security numbers
  • Protected health information
  • Dates of birth
  • Passport numbers
  • Other unique identification numbers issued on a government document used to verify identity[1][4].

Response and Measures Taken

Upon discovering the breach, FoundCare, Inc. sent out data breach letters to all affected individuals on December 16, 2022, informing them of the incident and advising them on how to protect themselves from identity theft and other potential frauds. The organization has also implemented additional security measures, such as:

  • Turning on Multi-Factor Authentication (MFA) for all users of FoundCare.org

  • Blocking all basic authentication methods for FoundCare.org users

  • Turning on an Outlook security feature that alerts users when receiving an email from a new address
  • Reviewing all firewalls to ensure no unregulated access
  • Continuous phishing awareness training for all staff[4].

Furthermore, FoundCare is offering complimentary credit monitoring and identity theft protection services to the potentially affected individuals[4].

Legal and Compliance Aspects

FoundCare, Inc. has reported the data breach to the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR), as required by law. The organization has also notified at least one state Attorney General to ensure that the public can begin to protect itself[11]. If the investigation reveals that FoundCare was negligent in handling patient information, affected individuals may have the option to pursue a data breach lawsuit against the company[1].

Recommendations for Affected Individuals

FoundCare, Inc. encourages all individuals to remain vigilant against incidents of identity theft and fraud, to review their account statements, and to monitor their credit reports for suspicious or unauthorized activity. They also recommend contacting financial institutions and major credit bureaus to inform them of the incident and to follow any recommended steps, which may include placing a fraud alert on the individual’s account[4].

Contact Information

For more information or questions about the incident, affected individuals can contact FoundCare, Inc. directly or utilize the dedicated toll-free helpline provided by the organization[4].

Citations:

  1. https://www.jdsupra.com/legalnews/foundcare-inc-files-notice-of-data-6627780/
  2. https://foundcare.org/compliance
  3. https://healthitsecurity.com/news/louisiana-health-system-notifies-270k-of-healthcare-data-breach
  4. https://foundcare.org/images/pdf/Notice_of_Data_Security_Incident.pdf
  5. https://foundcare.org/images/FINAL_Notice_of_Privacy_Practices_8.5X11.pdf
  6. https://www.hipaajournal.com/december-2022-healthcare-data-breach-report/
  7. https://foundcare.org/rivierabeach
  8. https://www.wfla.com/news/florida/nearly-10-of-floridians-had-health-records-hacked-in-2022-hhs-reports/
  9. https://www.wfla.com/news/florida/the-biggest-health-care-data-breaches-you-should-know-about-in-florida/
  10. https://www.hipaajournal.com/lake-charles-memorial-health-system-cyberattack-affects-almost-270000-patients/
  11. https://colevannote.com/data-breach-foundcare-inc/
  12. https://networkassured.com/security/worst-us-states-for-data-breaches/
  13. https://stacker.com/florida/biggest-health-care-data-breaches-you-should-know-about-florida
Breach Submission Date Dec 16, 2022
Converted Entity Name Foundcare, Inc.
Converted Entity Type Healthcare Provider
State FL
Individuals Affected 14,194
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes