NuLife Med, LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

NuLife Med, LLC, a New Hampshire-based medical equipment company specializing in devices for recovery from orthopedic and podiatric surgeries, experienced a significant data breach in March 2022. The breach was first identified due to suspicious activity on the company’s computer network on March 11, 2022. A forensic investigation revealed that hackers had access to the network between March 9 and March 11, 2022, potentially viewing or taking sensitive information[1][8].

The compromised data included a wide range of personally identifiable information (PII) and protected health information (PHI), such as medical and health insurance information, names, dates of birth, home addresses, phone numbers, Social Security numbers, and email addresses[3]. Despite the breach, there have been no reports of fraudulent misuse of the information potentially impacted by this event[5].

In response to the breach, NuLife Med took immediate action to investigate and respond to the event, assess the security of their systems, and identify any impacted data. They also notified federal law enforcement about the incident. As a precaution, NuLife Med arranged for affected individuals to enroll, at no cost, in an online credit monitoring service for 12 months provided by TransUnion Interactive[5].

Following the breach, a class action lawsuit was filed against NuLife Med, alleging that the company failed to properly secure and safeguard patient information. NuLife Med agreed to a settlement to resolve claims without admitting any wrongdoing. The settlement offers credit monitoring or monetary payments to class members who file valid claims demonstrating documented proof of loss[2][3]. The settlement benefits include one year of free credit monitoring services or a check worth up to $25 for affected patients and potential patients[7].

The final approval hearing for the settlement was scheduled for June 5, 2023, with a claim submission deadline of June 20, 2023[7]. This incident is part of a larger trend of data breaches affecting medical facilities, highlighting the ongoing challenges in securing sensitive health information against cyber threats[4].

Citations:

  1. https://www.hipaajournal.com/nulife-med-settles-class-action-data-breach-lawsuit/
  2. https://topclassactions.com/lawsuit-settlements/open-lawsuit-settlements/nulife-med-data-breach-class-action-settlement/
  3. https://www.nulifemedclasssettlement.com
  4. https://indepthnh.org/2022/09/09/data-for-150000-people-potentially-exposed-in-medical-facility-leaks-in-n-h/
  5. https://ago.vermont.gov/sites/ago/files/2023-01/2022-12-19-NuLife-Med-Data-Breach-Notice-to-Consumers.pdf
  6. https://www.scmagazine.com/analysis/refuahhealth-informs-261k-patients-of-may-2021-network-data-theft
  7. https://topclassactions.com/lawsuit-settlements/closed-settlements/nulife-med-data-breach-class-action-settlement/
  8. https://www.jdsupra.com/legalnews/nulife-med-llc-announces-data-breach-8177501/
  9. https://www.businessnhmagazine.com/article/medical-data-for-150ampcomma000-nh-residents-possibly-exposed
  10. https://www.nulifemedclasssettlement.com/submit-claim
  11. https://apps.web.maine.gov/online/aeviewer/ME/40/ed2c39c1-9cd8-4b01-b0d1-e5d133603a50.shtml
Breach Submission Date Jul 25, 2022
Converted Entity Name NuLife Med, LLC
Converted Entity Type Business Associate
State NH
Individuals Affected 3,805
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes