Phoenix Programs of Florida, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Phoenix Programs of Florida, Inc., which operates as Phoenix House Florida, experienced a data breach after several company email accounts were compromised. The breach occurred between July 13, 2021, and November 1, 2021, and was discovered on September 2, 2022. The organization filed an official notice of the breach with the Massachusetts Attorney General on October 21, 2022[1].

The compromised information includes consumers’ names, Social Security numbers, driver’s license numbers, dates of birth, credit/debit card numbers along with expiration dates and CVV/security codes, digitized or electronic signatures, Client IDs, and protected health information such as medical history, health conditions, treatments, diagnoses, and health insurance information[1].

Phoenix House Florida sent out data breach letters to all affected parties on October 19, 2022, informing them of the incident and advising them on how to protect themselves from potential identity theft and other frauds[1]. The total number of individuals affected by the breach was 6,805, including 3 Maine residents[2].

Phoenix House Florida is a nonprofit drug and alcohol rehabilitation facility with centers throughout the United States, headquartered in Brandon, Florida. The organization employs more than 2,700 people and generates approximately $101 million in annual revenue[1].

In response to the breach, Phoenix House Florida reset all email login credentials and engaged a third-party data security firm to investigate the incident. The investigation could not rule out that the unauthorized party viewed or removed information from the compromised email accounts[1].

Affected individuals were offered identity theft protection services for one year through Experian’s IdentityWorks Credit 3B[2]. It is recommended that those affected by the breach take steps to protect their personal information, such as enrolling in the offered credit monitoring service, changing passwords and security questions for online accounts, regularly reviewing account statements, monitoring credit reports, and placing a fraud alert with credit bureaus[7].

Citations:

  1. https://www.jdsupra.com/legalnews/phoenix-programs-of-florida-inc-6761591/
  2. https://apps.web.maine.gov/online/aeviewer/ME/40/3add7aae-b0c6-4124-b8ef-0116d91d8ade.shtml
  3. https://www.hipaajournal.com/hipaa-violation-cases/
  4. https://www.mass.gov/doc/assigned-data-breach-number-28448-phoenix-programs-of-florida-inc/download
  5. https://www.idstrong.com/sentinel/advanced-medical-management-data-breach/
  6. https://www.wfla.com/news/florida/nearly-10-of-floridians-had-health-records-hacked-in-2022-hhs-reports/
  7. https://www.turkestrauss.com/2022/10/27/phoenix-house-florida-data-breach-investigation/
  8. https://www.justice.gov/opa/pr/federal-court-orders-florida-pain-clinic-close-physician-and-clinic-owners-pay-civil
  9. https://floridaphoenix.com/2019/03/19/after-sexual-assault-at-florida-teen-prison-state-awards-firm-16m-deal/
  10. https://www.phoenixfl.org
  11. https://stacker.com/florida/biggest-health-care-data-breaches-you-should-know-about-florida
  12. https://www.guidestar.org/profile/59-3172948
  13. https://www.linkedin.com/company/phoenix-house-florida
Breach Submission Date Oct 21, 2022
Converted Entity Name Phoenix Programs of Florida, Inc.
Converted Entity Type Healthcare Provider
State FL
Individuals Affected 6,594
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes