PeakMed

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

PeakMed, a healthcare provider based in Colorado, experienced a significant data breach that was first detected on August 30, 2023, following the discovery of suspicious activity on their systems. The breach was a result of an unauthorized party gaining access to an employee’s login credentials, which led to the exposure of sensitive patient information. This incident affected approximately 27,800 individuals[2][4].

The compromised data included a wide range of personal and health-related information such as names, addresses, Social Security numbers, driver’s license numbers, dates of birth, medical record numbers, financial account information, payment card information, electronic signatures, medical information, and health insurance information[4]. The unauthorized access occurred between July 24, 2023, and August 30, 2023[4].

Upon discovering the breach, PeakMed took immediate steps to secure their systems by resetting all employee passwords and implementing two-factor authentication for all staff accounts. They also conducted a thorough investigation to understand the scope of the breach and identify the information that was compromised[4][12].

PeakMed began notifying affected individuals on October 27, 2023, providing them with information about the breach and advice on how to protect themselves from potential fraud or identity theft. This included recommendations for monitoring their financial accounts, credit reports, and considering the use of credit monitoring services[4].

PeakMed is a membership-based medical practice offering primary care, urgent care, and pediatric care services. They operate on a model where members pay a flat monthly fee for unlimited access to healthcare services, aiming to provide affordable healthcare without copays or deductibles. At the time of the breach, PeakMed was headquartered in Colorado Springs, Colorado, and employed approximately 50 individuals[7].

This breach is part of a larger trend of cybersecurity incidents affecting healthcare providers, highlighting the critical importance of robust security measures to protect sensitive health information from unauthorized access and potential misuse[2][12].

Citations:

  1. https://peakmed.com/security-notice/
  2. https://www.reddit.com/r/hipaaviolations/comments/17xchr7/healthcare_data_breach_roundup_november_16_2023/
  3. https://peakmed.sa/terms-conditions/
  4. https://www.jdsupra.com/legalnews/peakmed-colorado-posts-notice-of-data-6865635/
  5. https://dojmt.gov/consumer/databreach/
  6. https://www.d11.org/employees/employee-benefits/peakmed
  7. https://www.turkestrauss.com/2023/11/01/peakmed-data-breach-investigation/
  8. https://www.linkedin.com/posts/hipaa-journal_qr-codes-increasingly-used-in-phishing-attacks-activity-7122597612813193217-Jj7I
  9. https://www.jdsupra.com/personal-injury/zoning-planning-land-use/alternative-dispute-resolution/
  10. https://www.myinjuryattorney.com/data-breach-investigation-peakmed-colorado/
  11. https://breachdata.topwords.me/states/CO?limit=20&offset=0&sort=reported_date
  12. https://www.defensorum.com/data-breaches-at-medical-eye-services-peakmed-prospect-medical-services-and-4-more-healthcare-providers/
  13. https://newstral.com/en/article/en/1246227622/peakmed-colorado-posts-notice-of-data-breach-impacting-more-than-27k-patients
  14. https://www.hipaajournal.com/healthcare-data-breach-round-up-november-16-2023/
  15. https://www.hipaajournal.com/october-2023-healthcare-data-breach-report/
Breach Submission Date Oct 27, 2023
Converted Entity Name PeakMed
Converted Entity Type Healthcare Provider
State CO
Individuals Affected 27,800
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes