Upstream RollCo, LLC
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Upstream RollCo, LLC, a healthcare services company based in Birmingham, Alabama, experienced a significant data breach that was announced on September 18, 2023. The breach involved unauthorized access to certain employee email accounts, which occurred in two separate periods: between January 24, 2023, and January 31, 2023, and again between February 3, 2023, and February 9, 2023. This cybersecurity incident led to the exposure of sensitive consumer information, including names, dates of birth, contact information, demographic information, medical information, health insurance information, and Social Security numbers[1][2].
The company, which specializes in outpatient rehabilitation services and employs over 960 people, generating approximately $615 million in annual revenue, took immediate action upon discovering the breach. They secured the affected email accounts and initiated an investigation to ascertain the extent of the data compromise and identify the individuals impacted[1][2]. By July 28, 2023, Upstream RollCo had completed its review of the compromised files and began the process of sending out data breach notification letters to all affected individuals[1].
More than 22,000 people in Texas were reported to be impacted by this breach[2]. The breach notification letters aimed to inform victims about the nature of the compromised information and advise them on steps to protect themselves from potential fraud or identity theft. Upstream RollCo also offered credit monitoring services at no cost to potentially affected individuals as a precautionary measure[5].
In response to the breach, several law firms have begun investigating and filing class action lawsuits against Upstream RollCo, LLC. These lawsuits allege that the company failed to implement reasonable cybersecurity practices to protect patient data, which was reportedly stored unencrypted and unredacted. The legal actions seek compensation for the victims and emphasize the need for enhanced security measures to prevent future breaches[6].
The incident has raised concerns about the security of sensitive health information and the potential long-term impacts on the victims of the breach. Individuals affected by the Upstream RollCo data breach are advised to remain vigilant by monitoring their account statements, credit reports, and to consider taking additional steps such as changing passwords and security questions for online accounts[3][5].
Citations:
- https://www.jdsupra.com/legalnews/upstream-rollco-llc-announced-data-7572711/
- https://www.myinjuryattorney.com/upstream-rollco-llc-data-breach-investigation/
- https://www.turkestrauss.com/2023/09/19/upstream-rehabilitation-data-breach-investigation/
- https://openclassactions.com/investigations/upstream-rollco-data-breach.php
- https://markets.businessinsider.com/news/stocks/upstream-rollco-llc-provides-notice-of-data-privacy-incident-1032634813
- https://www.classaction.org/news/upstream-rehabilitation-hit-with-class-action-over-data-breach-announced-in-september-2023
- https://www.mass.gov/doc/assigned-data-breach-number-30540-upstream-rollco-llc/download
- https://www.thelyonfirm.com/blog/upstream-rehabilitation-data-breach-investigation/