Public Health Management Corporation
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The Public Health Management Corporation (PHMC) in Pennsylvania experienced a data breach that was first identified on May 8, 2023, when suspicious activity was detected within its computer network. An investigation with the help of third-party digital forensic specialists confirmed that an unauthorized party gained access to PHMC’s network, during which they had the ability to access or remove certain files. These files contained sensitive consumer information, including names, addresses, Social Security numbers, dates of birth, protected health information, and health insurance information[1].
PHMC, a nonprofit public health institute based in Philadelphia, operates 70 locations and serves close to 350,000 clients annually. It employs more than 2,500 people and generates approximately $281 million in annual revenue. The organization offers a broad range of programs, including behavioral health and recovery, nurse-managed primary care, chronic disease management and prevention, and more[1].
On July 6, 2023, PHMC began sending out data breach notification letters to all individuals whose information was affected by the incident. The breach was reported to the U.S. Department of Health and Human Services Office for Civil Rights, which initially listed 500 victims. However, this number is often used as a placeholder by companies to fulfill notification requirements while they continue to assess the full impact of the breach[1].
The healthcare industry has been a prime target for hackers due to the vast amounts of patient data maintained by healthcare providers, which can be used for identity theft and other fraudulent activities. Individuals who received a data breach notification from PHMC are advised to understand the risks and take steps to protect themselves from potential fraud or identity theft[1].
For more detailed information and legal assistance, individuals affected by the PHMC data breach can contact data breach lawyers, such as those at Console & Associates, P.C., who are investigating the breach and can provide guidance on potential damages and compensation[4].
Citations:
- https://www.jdsupra.com/legalnews/public-health-management-corporation-7717159/
- https://www.beckershospitalreview.com/cybersecurity/pennsylvania-hospital-data-breach-affects-169-000.html
- https://www.fiercehealthcare.com/health-tech/commonspirit-health-reported-it-security-incident-affecting-facilities-wash-neb-and
- https://www.myinjuryattorney.com/public-health-management-corporation-data-breach-investigation/
- https://www.securityweek.com/4-5-million-individuals-affected-by-data-breach-at-healthec/
- https://cyberscoop.com/sec-cybersecurity-incidents-disclosure-rule/
- https://www.hipaajournal.com/phoenician-medical-center-cyberattack-affects-up-to-162500-patients/
- https://healthitsecurity.com/news/healthcare-data-breach-at-pa-rehab-center-impacts-130k
- https://www.federalregister.gov/documents/2022/03/23/2022-05480/cybersecurity-risk-management-strategy-governance-and-incident-disclosure
- https://www.bankinfosecurity.com/population-health-management-firms-breach-affects-millions-a-24024
- https://www.hipaajournal.com/pennsylvania-department-of-health-and-insight-global-sued-over-72000-record-data-breach/
- https://www.sec.gov/files/rules/final/2023/33-11216.pdf
- https://www.phmc.org/site/index.php?Itemid=1653&catid=8%3Apublications&id=822%3Apublic-health-directions-spring-2013&option=com_content&view=article
- https://news.bloomberglaw.com/privacy-and-data-security/covid-contact-tracing-contractor-settles-data-breach-lawsuit
- https://www.opm.gov/news/releases/2015/06/opm-to-notify-employees-of-cybersecurity-incident/
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://www.govtech.com/security/allegheny-county-pa-issues-alert-on-may-data-breach
- https://www.healthcarefinancenews.com/news/pennsylvania-hospital-hit-data-breach-affecting-169k
- https://www.infosecurity-magazine.com/news/philadelphia-alert-may-data-breach/