Prime Healthcare

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Prime Healthcare, a health system based in Ontario, California, experienced a data breach due to a cyberattack on its revenue cycle management vendor, CBIZ KA Consulting Services, LLC (CBIZ KA). The breach was linked to the exploitation of a zero-day vulnerability in Progress Software’s MOVEit Transfer solution by the Clop hacking group in late May 2023. Prime Healthcare was notified of the breach on September 20, 2023, and confirmed that the stolen files contained sensitive patient information, including names, dates of birth, addresses, medical record numbers, Social Security Numbers, admission dates, and discharge dates[1].

The breach affected nine of Prime Healthcare’s hospitals, which include Saint Clare’s Hospital, Saint Michael’s Medical Center, and St. Mary’s General Hospital in New Jersey; Roxborough Memorial Hospital, Lower Bucks Hospital, and Suburban Community Hospital in Pennsylvania; Garden City Hospital and Lake Huron Medical Center in Michigan; and Landmark Medical Center in Rhode Island. Prime Healthcare operates a total of 45 hospitals, but only these nine were impacted by the breach[1].

As a response to the incident, Prime Healthcare has offered complimentary credit monitoring and identity protection services to individuals whose Social Security numbers were involved in the breach[1].

Additionally, Keenan & Associates, the third-party administrator of Prime Healthcare’s employee benefit health plan, also experienced a cybersecurity incident. This incident, which occurred between August 21, 2023, and August 27, 2023, did not involve Prime Healthcare systems directly and was not due to any action by Prime. The unauthorized party obtained some data from Keenan systems, potentially compromising personal information of Prime Healthcare benefit plan members, including names, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, health insurance information, and health information such as diagnosis and treatment information. Keenan has provided affected individuals with a complimentary 24-month membership in Experian® IdentityWorksSM Credit 1B and set up a dedicated call center to answer questions about the incident[4][5][7].

The breach at Prime Healthcare is one of several recent cybersecurity incidents affecting healthcare organizations, highlighting the ongoing challenges and risks associated with protecting sensitive health information in the digital age[1][4][5][7].

Citations:

  1. https://www.hipaajournal.com/prime-healthcare-data-breach/
  2. https://healthitsecurity.com/news/prime-healthcare-ocr-agree-to-250k-data-breach-resolution
  3. https://casetext.com/case/prime-healthcare-servs-inc-v-harris-1
  4. https://www.businesswire.com/news/home/20240205573005/en/Keenan-Associates-Data-Security-Incident-Notification
  5. https://www.marketwatch.com/press-release/keenan-associates-data-security-incident-notification-75550cf1
  6. https://caselaw.findlaw.com/court/ca-court-of-appeal/1750705.html
  7. https://finance.yahoo.com/news/keenan-associates-data-security-incident-224300768.html
  8. https://californiahealthline.org/news/hackers-take-aim-at-two-more-southern-california-hospitals/
  9. https://lapalmaintercommunityhospital.com/prime-healthcare-and-kaiser-foundation-health-plan-end-lawsuits-and-agree-to-work-together/
  10. https://seculore.com/state/california/12-06-2023-ca-prime-healthcare/
  11. https://www.hipaajournal.com/keenan-associates-data-breach/
  12. https://casetext.com/case/prime-healthcare-la-palma-llc-v-kaiser-found-health-plan
  13. https://www.forthepeople.com/blog/9-prime-healthcare-hospitals-across-united-states-are-affected-moveit-data-breach/
  14. https://www.healthcarecompliancepros.com/blog/california-hospitals-hacked-and-ransom-demanded
  15. https://www.latimes.com/nation/la-na-0407-cyber-hospital-20160407-story.html
  16. https://www.justice.gov/usao-cdca/pr/prime-healthcare-services-and-its-ceo-agree-pay-65-million-settle-medicare-overbilling
  17. https://www.cbsnews.com/news/hca-healthcare-data-breach-hack-11-million-patients-affected/
  18. https://www.newsbreak.com/ontario-ca/3256130934536-9-prime-healthcare-hospitals-caught-in-moveit-data-breach
  19. https://caselaw.findlaw.com/court/ca-court-of-appeal/1683794.html
  20. https://www.reddit.com/r/hipaa/comments/18dpm5b/9_prime_healthcare_hospitals_affected_by_moveit/
Breach Submission Date Dec 06, 2023
Converted Entity Name Prime Healthcare
Converted Entity Type Healthcare Provider
State CA
Individuals Affected 7,185
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes