Kannact, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

In June 2023, Kannact, Inc., a software company based in Albany, Oregon, experienced a significant data breach that affected over 103,000 individuals. The breach was first discovered on March 13, 2023, when unauthorized access to Kannact’s computer network was detected. A subsequent investigation, conducted with the assistance of a third-party cybersecurity firm, confirmed that sensitive consumer data had been accessed by one or more unauthorized parties. The compromised data included a range of personal and protected health information (PHI), such as names, Social Security Numbers, dates of birth, addresses, phone numbers, driver’s license numbers, and health information including medical diagnoses and treatment details[1][4].

Kannact, which specializes in providing health plan solutions and support to employers, including fostering relationships between employees and healthcare coaches, took immediate steps to secure its IT network upon discovering the breach. The company also began reviewing the affected files to determine the extent of the information compromised and which consumers were impacted. As a result of these findings, Kannact sent out data breach notification letters to all individuals whose information was compromised, advising them of the breach and suggesting steps to protect themselves from potential fraud or identity theft[1].

The breach has raised significant concerns due to the sensitive nature of the information accessed, leading to a class action lawsuit against Kannact. The lawsuit alleges that the company failed to invest in adequate data security measures, potentially putting the personal and health information of over 100,000 health plan members at risk[5][6]. This incident underscores the challenges and risks associated with securing confidential information in the digital age, particularly for companies in the healthcare sector that handle sensitive personal and health data.

Kannact has since taken steps to mitigate the risk of future breaches, including disabling access to the third-party managed file transfer software implicated in the incident and deactivating all related API keys. The company has also engaged in efforts to improve its patient data ingestion process and has offered affected individuals complimentary credit monitoring and identity theft protection services[4][8].

Citations:

  1. https://www.jdsupra.com/legalnews/kannact-notifies-over-100k-individuals-1891528/
  2. https://kannact.com/blog
  3. https://www.teiss.co.uk/news/healthcare-tech-provider-kannact-says-data-breach-impacted-more-than-100000-individuals-12480
  4. https://healthitsecurity.com/news/digital-health-company-suffers-breach-103k-impacted
  5. https://www.bizjournals.com/portland/news/2023/08/07/kannact-health-tech-lawsuit.html
  6. https://www.classaction.org/kannact-data-breach-lawsuit
  7. https://original.newsbreak.com/@northeast-valley-news-1720708/3323148117439-maricopa-community-colleges-employees-including-minor-children-s-information-compromised-by-health
  8. https://www.hipaajournal.com/kannact-vincera-institute-fall-victim-to-cyberattacks/
  9. https://www.mass.gov/doc/assigned-data-breach-number-30592-kannact-inc/download
  10. https://www.smokesignals.org/articles/2023/08/31/tribal-health-plan-participants-notified-of-data-breach/
  11. https://www.ifaxapp.com/hipaa/cyberattacks-kannact-vincera-patient-data/
  12. https://www.myinjuryattorney.com/kannact-inc-data-breach-investigation/
Breach Submission Date Jun 20, 2023
Converted Entity Name Kannact, Inc.
Converted Entity Type Business Associate
State OR
Individuals Affected 103,547
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes