On January 9, 2024, Concentra, Inc. filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering patient data was leaked as a result of a third-party data breach at Perry Johnson & Associates, Inc. (“PJ&A”). In a separate data breach notification, PJ&A explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, dates of birth, addresses, medical record numbers, hospital account numbers, and medical information. Upon completing its investigation, Concentra began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Concentra, Inc. or Perry Johnson & Associates, Inc., it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Concentra / PJ&A data breach. For more information, please see our recent piece on the topic here.
What Caused the Data Breach Affecting Concentra Patients?
The PJ&A / Concentra data breach was only recently announced, and more information is expected in the near future. However, Concentra’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. Concentra also posted a website notice that links to a PJ&A letter providing additional details about the breach.
According to these sources, at some point in 2023, PJ&A learned that an unauthorized party was able to gain access to PJ&A’s IT network, including files containing confidential patient information. The period of unauthorized access was between March 27, 2023 and May 2, 2023.
After learning that sensitive consumer data was accessible to an unauthorized party, PJ&A reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, date of birth, address, medical record number, hospital account number, and medical information.
On September 29, 2023, PJ&A sent out data breach letters to some of those who were affected by the recent data security incident. However, PJ&A did not inform Concentra of the incident until November 10, 2023. It is unclear when, but it appears that PJ&A has since sent letters to all affected Concentra patients. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About Concentra, Inc.
Founded in 1979, Concentra, Inc. is a healthcare services provider based out of Addison, Texas. Concentra is a division of Select Medical, which is a large nationwide healthcare company. Concentra itself operates a network of approximately 520 urgent care clinics in 44 states. Concentra employs more than 11,000 people and generates approximately $1.6 million in annual revenue.