Lifespire Services, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Lifespire Services, Inc., a New York-based organization that assists individuals with developmental disabilities, experienced a significant data breach that was first detected on February 8, 2022. The breach resulted in unauthorized access to the organization’s computer systems between January 14, 2022, and February 8, 2022[1][3][7].

The compromised data included highly sensitive personal and health information of approximately 15,375 individuals. The types of information exposed in the breach included names, addresses, Social Security numbers, dates of birth, driver’s license numbers, passport numbers, bank account information, credit card information, medical diagnosis and treatment information, Medicare numbers, Medicaid numbers, and health insurance information[1][3][7].

Lifespire Services responded to the incident by suspending its network to prevent further unauthorized access and engaging a cybersecurity firm to investigate the breach. The company completed a comprehensive review of the affected files by October 7, 2022, and subsequently sent out data breach letters to all individuals whose information was compromised, informing them of the incident and advising them on steps to protect themselves from potential identity theft and fraud[1][3][7].

In addition to notifying affected parties, Lifespire Services offered free credit monitoring and identity protection services to those impacted by the breach. The organization also updated its policies and procedures related to network security to prevent similar incidents in the future[7].

Lifespire Services, Inc. was founded in 1951 and provides a range of services, including day habilitation, community habilitation, respite services, residential services, family support services, and counseling services. The organization operates 82 locations throughout New York City and additional services in Westchester, Ulster, and Greene County. It employs more than 55 people and generates approximately $67 million in annual revenue[1].

The breach at Lifespire Services, Inc. was part of a larger trend of healthcare data breaches reported in October 2022, which was the worst month of the year to date for such incidents, with more than 6 million records compromised across various organizations[2].

Citations:

  1. https://www.jdsupra.com/legalnews/lifespire-services-inc-reports-data-3300713/
  2. https://www.hipaajournal.com/october-2022-healthcare-data-breach-report/
  3. https://www.turkestrauss.com/2022/11/01/lifespire-services-data-breach-investigation/
  4. https://www.hipaajournal.com/235000-keystone-health-patients-affected-by-august-2022-cyberattack/
  5. https://www.mass.gov/doc/assigned-data-breach-number-28582-lifespire-services-inc/download
  6. https://www.idstrong.com/sentinel/lifespire-data-breach/
  7. https://www.hipaa.info/phi-exposed-due-to-data-breaches-at-lifespire-services-and-presbyterian-healthcare-services/
  8. https://casetext.com/case/samnath-v-lifespire-servs-inc
  9. https://www.idstrong.com/data-breaches/lifespire-breach/
  10. https://www.hipaaguidelines101.com/keystone-health-and-lifespire-services-patients-impacted-by-data-breaches/
Breach Submission Date Oct 07, 2022
Converted Entity Name Lifespire Services, Inc.
Converted Entity Type Healthcare Provider
State NY
Individuals Affected 15,375
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes