LGAA, LLC
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
LGAA, LLC, a company based in Cedar City, Utah, experienced a security breach that was publicly disclosed on March 1, 2022. This incident potentially impacted the privacy of a limited amount of personal information belonging to certain individuals associated with LGAA and its affiliated agencies, collectively known as “Leavitt.” The breach was first identified in March 2021 when LGAA’s data center discovered possible unauthorized access to some of the data stored on its systems. This data center manages information related to Leavitt’s clients and insurance plans for service and administration purposes.
A thorough investigation, assisted by a leading third-party cybersecurity firm, was initiated to confirm the nature and scope of the potential unauthorized access. It was determined that certain data relating to Leavitt’s employees, clients, and/or plan participants might have been accessed without authorization between approximately February 16 and March 18, 2021. To further understand the impact, an industry-leading data analytics firm conducted a detailed review to identify whether sensitive information was present in the impacted files and to whom that data pertained. This review was completed around September 23, 2021.
The types of personal information that could have been compromised include names, addresses, Social Security numbers, driver’s license or state identification numbers, medical information, health insurance information, and dates of birth. Despite the breach, Leavitt has stated that they are unaware of any misuse of the individual information affected by this incident. However, they have begun notifying potentially affected individuals and clients, as well as regulatory authorities as required, and are encouraging those impacted to remain vigilant against identity theft by monitoring their account statements, benefits explanations, and credit reports for any suspicious activity.
In response to the breach, Leavitt has reviewed and is enhancing its internal policies and procedures related to data protection and security. They have also provided potentially affected individuals with access to complimentary credit monitoring and identity restoration services through IDX for 12 months. For more information or assistance, affected individuals can contact Leavitt’s dedicated toll-free number or visit their designated website[1][5].
This incident is part of a larger trend of data breaches affecting various organizations, highlighting the ongoing challenges and importance of cybersecurity measures to protect sensitive personal information[2].
Citations:
- https://www.prnewswire.com/news-releases/re-lgaa-llc–notice-of-security-incident-301492075.html
- https://www.csoonline.com/article/567531/the-biggest-data-breach-fines-penalties-and-settlements-so-far.html
- https://www.doj.nh.gov/consumer/security-breaches/documents/lgaa-20220307.pdf
- https://www.perkinscoie.com/en/news-insights/security-breach-notification-chart-utah.html
- https://apps.web.maine.gov/online/aeviewer/ME/40/a902ee40-e40d-4756-966e-e34dfa305581.shtml
- https://oag.ca.gov/privacy/databreach/list
- https://stacker.com/utah/biggest-health-care-data-breaches-you-should-know-about-utah
- https://dojmt.gov/consumer/databreach/
- https://apps.web.maine.gov/online/aeviewer/ME/40/list.shtml
- https://breachdata.topwords.me/states/UT
- https://www.coursesidekick.com/medicine/1399328