Upstream RollCo, LLC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Upstream RollCo, LLC, a healthcare services company based in Birmingham, Alabama, experienced a significant data breach that was announced on September 18, 2023. The breach involved unauthorized access to certain employee email accounts, which occurred in two separate periods: between January 24, 2023, and January 31, 2023, and again between February 3, 2023, and February 9, 2023. This cybersecurity incident led to the exposure of sensitive consumer information, including names, dates of birth, contact information, demographic information, medical information, health insurance information, and Social Security numbers[1][2].

The company, which specializes in outpatient rehabilitation services and employs over 960 people, generating approximately $615 million in annual revenue, took immediate action upon discovering the breach. They secured the affected email accounts and initiated an investigation to ascertain the extent of the data compromise and identify the individuals impacted[1][2]. By July 28, 2023, Upstream RollCo had completed its review of the compromised files and began the process of sending out data breach notification letters to all affected individuals[1].

More than 22,000 people in Texas were reported to be impacted by this breach[2]. The breach notification letters aimed to inform victims about the nature of the compromised information and advise them on steps to protect themselves from potential fraud or identity theft. Upstream RollCo also offered credit monitoring services at no cost to potentially affected individuals as a precautionary measure[5].

In response to the breach, several law firms have begun investigating and filing class action lawsuits against Upstream RollCo, LLC. These lawsuits allege that the company failed to implement reasonable cybersecurity practices to protect patient data, which was reportedly stored unencrypted and unredacted. The legal actions seek compensation for the victims and emphasize the need for enhanced security measures to prevent future breaches[6].

The incident has raised concerns about the security of sensitive health information and the potential long-term impacts on the victims of the breach. Individuals affected by the Upstream RollCo data breach are advised to remain vigilant by monitoring their account statements, credit reports, and to consider taking additional steps such as changing passwords and security questions for online accounts[3][5].

Citations:

  1. https://www.jdsupra.com/legalnews/upstream-rollco-llc-announced-data-7572711/
  2. https://www.myinjuryattorney.com/upstream-rollco-llc-data-breach-investigation/
  3. https://www.turkestrauss.com/2023/09/19/upstream-rehabilitation-data-breach-investigation/
  4. https://openclassactions.com/investigations/upstream-rollco-data-breach.php
  5. https://markets.businessinsider.com/news/stocks/upstream-rollco-llc-provides-notice-of-data-privacy-incident-1032634813
  6. https://www.classaction.org/news/upstream-rehabilitation-hit-with-class-action-over-data-breach-announced-in-september-2023
  7. https://www.mass.gov/doc/assigned-data-breach-number-30540-upstream-rollco-llc/download
  8. https://www.thelyonfirm.com/blog/upstream-rehabilitation-data-breach-investigation/
Breach Submission Date Apr 22, 2023
Converted Entity Name Upstream RollCo, LLC
Converted Entity Type Healthcare Provider
State AL
Individuals Affected 748,678
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes