Onix Group

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

In late May 2023, the Onix Group, a Pennsylvania-based real estate company, disclosed that it had experienced a ransomware attack between March 20 and 27, 2023. This cybersecurity incident led to unauthorized access to the company’s network, resulting in the corruption of certain systems and the removal of a subset of files. The Onix Group, known for owning properties and providing management and consulting services in the hospitality and healthcare industries, reported that the breach compromised the information of nearly 320,000 individuals. The leaked data potentially included names, Social Security numbers, dates of birth, and detailed scheduling, billing, and clinical information related to care at facilities owned or operated by Addiction Recovery Systems, Cadia Healthcare, Physician’s Mobile X-Ray, Onix Group, and Onix Hospitality Group. Additionally, certain human resources information was compromised, including direct deposit and health plan enrollment information[1].

The breach has led to serious concerns about the potential financial, personal, and reputational consequences for the victims, given the sensitivity of the exposed information. Victims now face the risk of identity theft, fraud, and other forms of financial harm. The exposure of clinical information about addiction treatment and other healthcare services could also subject patients to harassment, blackmail, or public embarrassment[1].

In response to the incident, Onix Group took immediate action to secure its systems and launched an investigation with the help of cybersecurity experts. The company has mailed letters to affected individuals, opened a dedicated assistance line, and is offering complimentary credit monitoring and identity theft protection services. Onix Group has also taken steps to strengthen the security of its systems to prevent future incidents[3].

The breach has led to legal actions against Onix Group, including a class action lawsuit and a lawsuit filed by Eric Meyers in the U.S. District Court for the Eastern District of Pennsylvania. The lawsuits allege negligence, breach of contract, fiduciary duty, and unjust enrichment, highlighting the company’s failure to implement adequate safeguards to protect sensitive data[4][7].

This incident underscores the importance of robust cybersecurity measures and the need for companies to take immediate and transparent actions to mitigate the impact on affected individuals.

Citations:

  1. https://www.lawampm.com/onix-group-data-breach/
  2. https://www.turkestrauss.com/2023/06/02/onix-group-data-breach-investigation/
  3. https://www.prnewswire.com/news-releases/notice-of-data-security-incident-at-onix-group-llc-301836100.html
  4. https://www.paubox.com/news/onix-group-faces-class-action-lawsuit-following-major-data-breach
  5. https://www.darkreading.com/prnewswire2.asp?filter=3849&rkey=20230526NY12811
  6. https://www.hipaajournal.com/phi-of-320000-patients-affected-by-onix-group-ransomware-attack/
  7. https://www.ifaxapp.com/hipaa/onix-group-lawsuit-ransomware-data-breach/
  8. https://www.scmagazine.com/brief/separate-health-data-breaches-hit-onix-group-others
  9. https://www.teiss.co.uk/news/onix-group-says-march-ransomware-attack-impacted-more-than-300000-individuals-12404
  10. https://www.ifaxapp.com/hipaa/ransomware-onix-320k-patients/
  11. https://www.databreaches.net/onix-group-faces-3-lawsuits-in-addiction-center-breach/
  12. https://www.jdsupra.com/legalnews/onix-group-llc-announces-data-breach-4296104/
  13. https://healthitsecurity.com/news/business-associate-healthcare-data-breach-impacts-320k
Breach Submission Date May 26, 2023
Converted Entity Name Onix Group
Converted Entity Type Business Associate
State PA
Individuals Affected 319,500
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes