Intellihartx, LLC
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Intellihartx, LLC, a Tennessee-based healthcare revenue cycle management company, experienced a significant data breach due to a cyberattack on its secure file transfer service provider, Fortra. The breach, which occurred in late January 2023, was part of an attack by the Clop ransomware group that exploited a vulnerability in Fortra’s GoAnywhere Managed File Transfer (MFT) solution[4].
The compromised data included sensitive personal information such as names, addresses, medical billing and insurance information, certain medical information like diagnoses and medications, as well as demographic details including dates of birth and Social Security numbers[1][4][7]. The breach affected approximately 490,000 patients of Intellihartx’s healthcare clients[4].
Intellihartx began notifying affected individuals in June 2023, offering complimentary credit monitoring and identity restoration services for 24 months[3]. The company also took steps to harden its security measures and cooperated with federal law enforcement in response to the incident[3].
A class-action lawsuit was filed against Intellihartx, alleging that the company failed to properly secure and safeguard the protected health information of the plaintiffs and class members, did not adequately supervise its business associates, and did not detect the data breach in a timely manner[4]. The lawsuit claims that Intellihartx was aware of the vulnerability on January 29, 2023, suggesting that the breach could have been prevented or its severity limited[4].
Affected individuals were advised to remain vigilant against identity theft and fraud by reviewing their account statements and monitoring their credit reports[1]. They were also encouraged to enroll in the offered credit monitoring services and to take additional steps to protect their personal information[3][5][6][8].
Citations:
- https://triblive.com/local/regional/upmc-contractor-detects-patient-data-breach/
- https://www.zoominfo.com/c/intellihartx-llc/359116212
- https://ago.vermont.gov/sites/ago/files/2023-06/2023-06-08%20Intellihartx%20Data%20Breach%20Notice%20to%20Consumers.pdf
- https://www.hipaajournal.com/intellihartx-class-action-lawsuit-490k-record-data-breach/
- https://www.legalserviceslink.com/articles/viewArticle/intellihartx-llc-itx-data-breach-compromises-489000-patients/
- https://www.jdsupra.com/legalnews/intellihartx-inc-notifies-489k-patients-6046806/
- https://www.databreaches.net/intellihartx-notifies-490000-patients-of-fortra-goanywhere-breach/
- https://itsecuritywire.com/news/approximately-a-half-million-social-security-numbers-leaked-in-a-data-breach-at-intellihartx-llc/
- https://www.coxhealth.com/newsroom/statement-on-data-incident-with-billing-vendor/
- https://www.news-leader.com/story/news/local/ozarks/2023/06/22/some-coxhealth-patients-affected-by-large-scale-data-breach/70342679007/
- https://www.msdlegal.com/blog/2023/06/intellihartx-llc-data-breach-class-action-lawsuit-investigation/
- https://www.ky3.com/2023/06/21/your-side-coxhealth-data-breach-impacts-potentially-thousands-patients/
- https://www.atlanticare.org/about-us/notice-of-third-party-security-incident-impacting-atlanticare-patient-data
- https://www.post-gazette.com/business/healthcare-business/2023/06/12/possible-data-breach-25-000-upmc-patients-intellihartx/stories/202306120094