Independent Case Management, INC.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Independent Case Management, Inc. Data Breach

Independent Case Management, Inc. (ICM), an Arkansas-based nonprofit organization that provides in-home and community-based support to people with intellectual and developmental disabilities, experienced a data breach that was reported on August 3, 2022. The breach was classified as a hacking/IT incident and affected 3,307 individuals[7].

The ransomware attack was discovered when a ransom note dated December 24, 2021, was found on June 15, 2022. The unauthorized party managed to access and encrypt data on three servers containing historical employee and customer data. The compromised information included names, addresses, Social Security numbers, birth dates, health records, insurance plan information, payment information, Medicaid numbers, and employment files[10].

ICM began notifying affected individuals and recommended that they monitor their health insurance claims and financial account information for any signs of fraudulent activity. The organization also performed security scans of its systems and implemented additional security measures. Furthermore, ICM committed to providing additional security training to all employees and conducting periodic risk assessments to prevent future incidents[10].

For those affected by the breach, it is advisable to remain vigilant by reviewing account statements and credit reports, and considering placing a fraud alert on their credit files.

Citations:

  1. https://www.hipaajournal.com/cyberattacks-reported-by-independent-case-management-conifer-health-solutions/
  2. https://www.turkestrauss.com/2023/12/11/independent-living-systems-data-breach-investigation-2/
  3. https://www.hackmageddon.com/2022/09/08/1-15-august-2022-cyber-attacks-timeline/
  4. https://www.arkansasonline.com/news/2022/dec/30/nashville-hospital-hit-by-data-breach/
  5. https://www.idstrong.com/sentinel/arkansas-health-system-discloses-data-breach/
  6. https://www.hipaajournal.com/october-2023-healthcare-data-breach-report/
  7. https://arkadelphian.com/2023/08/04/the-biggest-health-care-data-breaches-you-should-know-about-in-arkansas-stacker/
  8. https://www.hhs.gov/about/news/2023/05/16/hhs-office-civil-rights-settles-hipaa-investigation-arkansas-business-associate-medevolve-following-unlawful-disclosure-phi-unsecured-server-350-000.html
  9. https://www.cisa.gov/forms/report
  10. https://healthitsecurity.com/news/several-orgs-impacted-by-email-security-breach-at-rcm-vendor
  11. https://apnews.com/article/blackbaud-data-breach-settlement-dba8fac12af30f74691c7af4fec69a14
  12. https://www.icm-inc.org/contact-us/
  13. https://www.defensorum.com/independent-case-management-conifer-health-solutions-report-cyberattacks/
  14. https://healthitsecurity.com/news/arkansas-hospital-notifies-patients-of-healthcare-data-breach
  15. https://store.samhsa.gov/sites/default/files/sma15-4215.pdf
  16. https://www.icm-inc.org
  17. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  18. https://www.securityweek.com/data-breach-at-independent-living-systems-impacts-4-million-individuals/
  19. https://www.hipaajournal.com/hipaa-breaches/
Breach Submission Date Aug 03, 2022
Converted Entity Name Independent Case Management, INC.
Converted Entity Type Healthcare Provider
State AR
Individuals Affected 3,307
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes