Public Health Management Corporation

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The Public Health Management Corporation (PHMC) in Pennsylvania experienced a data breach that was first identified on May 8, 2023, when suspicious activity was detected within its computer network. An investigation with the help of third-party digital forensic specialists confirmed that an unauthorized party gained access to PHMC’s network, during which they had the ability to access or remove certain files. These files contained sensitive consumer information, including names, addresses, Social Security numbers, dates of birth, protected health information, and health insurance information[1].

PHMC, a nonprofit public health institute based in Philadelphia, operates 70 locations and serves close to 350,000 clients annually. It employs more than 2,500 people and generates approximately $281 million in annual revenue. The organization offers a broad range of programs, including behavioral health and recovery, nurse-managed primary care, chronic disease management and prevention, and more[1].

On July 6, 2023, PHMC began sending out data breach notification letters to all individuals whose information was affected by the incident. The breach was reported to the U.S. Department of Health and Human Services Office for Civil Rights, which initially listed 500 victims. However, this number is often used as a placeholder by companies to fulfill notification requirements while they continue to assess the full impact of the breach[1].

The healthcare industry has been a prime target for hackers due to the vast amounts of patient data maintained by healthcare providers, which can be used for identity theft and other fraudulent activities. Individuals who received a data breach notification from PHMC are advised to understand the risks and take steps to protect themselves from potential fraud or identity theft[1].

For more detailed information and legal assistance, individuals affected by the PHMC data breach can contact data breach lawyers, such as those at Console & Associates, P.C., who are investigating the breach and can provide guidance on potential damages and compensation[4].

Citations:

  1. https://www.jdsupra.com/legalnews/public-health-management-corporation-7717159/
  2. https://www.beckershospitalreview.com/cybersecurity/pennsylvania-hospital-data-breach-affects-169-000.html
  3. https://www.fiercehealthcare.com/health-tech/commonspirit-health-reported-it-security-incident-affecting-facilities-wash-neb-and
  4. https://www.myinjuryattorney.com/public-health-management-corporation-data-breach-investigation/
  5. https://www.securityweek.com/4-5-million-individuals-affected-by-data-breach-at-healthec/
  6. https://cyberscoop.com/sec-cybersecurity-incidents-disclosure-rule/
  7. https://www.hipaajournal.com/phoenician-medical-center-cyberattack-affects-up-to-162500-patients/
  8. https://healthitsecurity.com/news/healthcare-data-breach-at-pa-rehab-center-impacts-130k
  9. https://www.federalregister.gov/documents/2022/03/23/2022-05480/cybersecurity-risk-management-strategy-governance-and-incident-disclosure
  10. https://www.bankinfosecurity.com/population-health-management-firms-breach-affects-millions-a-24024
  11. https://www.hipaajournal.com/pennsylvania-department-of-health-and-insight-global-sued-over-72000-record-data-breach/
  12. https://www.sec.gov/files/rules/final/2023/33-11216.pdf
  13. https://www.phmc.org/site/index.php?Itemid=1653&catid=8%3Apublications&id=822%3Apublic-health-directions-spring-2013&option=com_content&view=article
  14. https://news.bloomberglaw.com/privacy-and-data-security/covid-contact-tracing-contractor-settles-data-breach-lawsuit
  15. https://www.opm.gov/news/releases/2015/06/opm-to-notify-employees-of-cybersecurity-incident/
  16. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  17. https://www.govtech.com/security/allegheny-county-pa-issues-alert-on-may-data-breach
  18. https://www.healthcarefinancenews.com/news/pennsylvania-hospital-hit-data-breach-affecting-169k
  19. https://www.infosecurity-magazine.com/news/philadelphia-alert-may-data-breach/
Breach Submission Date Jul 06, 2023
Converted Entity Name Public Health Management Corporation
Converted Entity Type Healthcare Provider
State PA
Individuals Affected 501
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes