Parker-Hannifin Corporation Group Health Plans

The Parker-Hannifin Corporation, a Cleveland, Ohio-based manufacturer specializing in motion and control technologies, experienced a significant data breach affecting its Group Health Plans. This incident, which occurred between March 11 and March 14, 2022, was attributed to the Conti ransomware gang. The breach exposed sensitive personal and health information of nearly 120,000 group health plan members, making it one of the largest HIPAA breaches reported by a health plan to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) at the time[1][4].

Breach Details

The unauthorized access to Parker-Hannifin’s IT systems led to the potential exposure of a wide range of personal information. This included names, Social Security numbers, dates of birth, addresses, driver’s license numbers, U.S. passport numbers, financial and banking account information, online account usernames and passwords, health insurance plan member ID numbers, and dates of coverage. For some individuals, the breach also compromised dates of service, provider names, claims information, and medical and clinical treatment information[1][2][3].

Response and Legal Fallout

Upon discovering the breach, Parker-Hannifin immediately activated its incident response protocols, which included shutting down certain systems and launching an investigation with the assistance of forensic and cybersecurity professionals. The company notified law enforcement and began notifying affected individuals, offering them a two-year membership in Experian’s IdentityWorks for identity protection services[2][3].

The incident led to legal repercussions for Parker-Hannifin. A class action lawsuit was filed by employees in response to the data breach, alleging the compromise of personal identifying information and protected health information. Parker-Hannifin agreed to settle the lawsuit for $1.75 million, although the company denied any wrongdoing. The settlement agreement allowed for payments of up to $5,000 to individuals to cover out-of-pocket losses related to the data breach[6].

Industry Impact

The Parker-Hannifin data breach is a stark reminder of the cybersecurity risks facing the healthcare industry and the potential legal and financial consequences of such incidents. It underscores the importance of robust cybersecurity measures and incident response plans to protect sensitive personal and health information from unauthorized access and exploitation by cybercriminals[1][6].

This incident also highlights the evolving threat landscape, with ransomware attacks becoming increasingly common and sophisticated. Organizations in all sectors, especially those handling sensitive information, must stay vigilant and continuously update their security practices to mitigate the risk of similar breaches[1][2][3][6].

Citations:

1. https://www.govinfosecurity.com/2-health-plans-report-major-breaches-following-attacks-a-19105
2. https://www.safetydetectives.com/news/engineering-firm-discloses-data-breach-after-conti-ransomware-attack/
3. https://www.databreaches.net/parker-hannifin-discloses-breach-affecting-employee-health-plan-data/
4. https://portswigger.net/daily-swig/parker-hannifin-reveals-cyber-attack-exposed-sensitive-data-of-119-000-individuals
5. https://www.turkestrauss.com/2022/05/19/parker-hannifin-data-breach-investigation/
6. https://www.informationweek.com/cyber-resilience/data-breach-settlement-manufacturing-company-to-pay-1-75m-to-employees-
7. https://www.hipaajournal.com/parker-hannifin-cyberattack-affects-almost-120000-health-plan-members/
8. https://cybersafe.news/parker-hannifin-reveals-data-breach-after-ransomware-attack/
9. https://www.bleepingcomputer.com/news/security/engineering-firm-parker-discloses-data-breach-after-ransomware-attack/
10. https://fox8.com/news/the-biggest-health-care-data-breaches-you-should-know-about-in-ohio/
11. https://healthitsecurity.com/news/manufacturing-company-parker-hannifin-suffers-health-plan-cyberattack-120k-impacted
12. https://www.cleveland.com/news/2023/08/these-were-the-10-biggest-healthcare-data-breaches-in-ohio-last-year.html
13. https://www.secureworld.io/industry-news/parker-manufacturing-conti-ransomware