Healthback Holdings, LLC

Your Personal Info Could Be Exposed Online After This Hospital Breach

Breach Description

Healthback Holdings, LLC, a home healthcare company based in Chickasha, Oklahoma, experienced a significant data breach that was confirmed on July 29, 2022. The breach affected over 21,000 patients, compromising various types of sensitive patient data, including Social Security numbers, health insurance information, and clinical information. The data was exposed after an unauthorized party gained access to an employee’s email account between October 5, 2021, and May 15, 2022. This incident led to the exposure of protected health information (PHI), which is any data related to a patient’s past, present, or future health condition or payment for healthcare services that contains identifiers linking the information to an individual.

Healthback Holdings operates over 30 locations in Oklahoma and Missouri, employs more than 300 people, and generates approximately $20 million in annual revenue. The company provides a range of home healthcare services, including skilled nursing, physical therapy, advanced wound care, occupational therapy, and speech therapy.

Upon discovering the breach, Healthback Holdings took immediate action by retaining a cybersecurity firm to investigate the incident. The investigation revealed that several employee email accounts were compromised. Healthback Holdings reviewed the affected email accounts, including all emails and attachments, to determine the scope of the compromised information and which consumers were impacted. The company then sent out data breach letters to 21,114 individuals whose information was compromised, informing them of the breach and advising them on steps to protect themselves from potential identity theft and fraud.

The breach has significant implications for the affected individuals, as the leaked protected health information could be used to commit healthcare identity fraud. This type of identity theft can be particularly challenging to resolve and may pose a greater cost to patients, not only financially but also in terms of their physical health. For example, a fraudster could use a victim’s data to obtain medical care, potentially leading to the victim’s medical records being mixed with incorrect information.

In response to the breach, Healthback Holdings has strengthened its email security protocols and provided additional training to employees on how to detect and avoid phishing emails. The company has also offered free credit monitoring and identity theft protection services to all affected individuals[1][2][4][9].

This incident underscores the importance of robust cybersecurity measures and employee training in protecting sensitive health information from unauthorized access and potential misuse.

Citations:

  1. https://www.jdsupra.com/legalnews/healthback-holdings-llc-announces-data-6933104/
  2. https://www.scmagazine.com/analysis/326k-aetna-members-involved-in-mailing-vendor-ransomware-fallout
  3. https://www.defensorum.com/data-breaches-at-healthback-holdings-city-of-newport-and-orthoarizona/
  4. https://www.hipaajournal.com/healthback-holdings-email-security-breach-affects-21000-individuals/
  5. https://healthitsecurity.com/topic/latest-health-data-breaches/P120
  6. https://www.hipaaguidelines101.com/data-breaches-at-healthback-holdings-city-of-newport-and-minuteman-senior-services/
  7. https://www.turkestrauss.com/2022/08/03/healthback-holdings-data-breach-investigation/
  8. https://www.msdlegal.com/blog/2022/08/healthback-holdings-llc-data-breach-class-action-investigation/
  9. https://healthitsecurity.com/news/oklahoma-home-health-company-reports-email-security-breach-21k-impacted
  10. https://www.databreaches.net/roundup-four-more-breaches-in-the-healthcare-sector-healthback-holdings-zenith-american-solutions-bronx-accountable-healthcare-network-and-centerstone/
  11. https://www.beckershospitalreview.com/cybersecurity/more-than-21-000-affected-in-healthback-data-breach.html
  12. https://twitter.com/Injury_Law/status/1555654402987331584

Breach Submission Date: Jul 29, 2022
Converted Entity Name: Healthback Holdings, LLC
Converted Entity Type: Healthcare Provider
State: OK
Individuals Affected: 21,114
Breach Type: Hacking/IT Incident
Breach Information Location: Email
Business Associate Present: Yes