On December 27, 2024, Dragonfly Health filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”) after discovering that confidential information that had been entrusted to the company was subject to unauthorized access. In this notice, Dragonfly Health explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, Dragonfly Health began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Dragonfly Health, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Dragonfly Health data breach. For more information, please see our recent piece on the topic here.
What Caused the Dragonfly Health Data Breach?
The Dragonfly Health data breach was only recently announced, and more information is expected in the near future. However, at this early point, Dragonfly Health does not appear to have issued a press release or posted a notice on its website discussing the incident. Additionally, the company’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides only limited information on what led up to the breach.
Based on the available information, we know that the Dragonfly Health data breach involved a “Hacking / IT Incident” of an email server. However, absent additional information, we do not know for certain that Dragonfly Health’s systems were compromised, as the company could be reporting a third-party breach targeting one of the company’s vendors.
Regardless of the source of the breach, after learning that sensitive consumer data was accessible to an unauthorized party, Dragonfly Health reviewed the compromised files to determine what information was leaked and which consumers were impacted. Dragonfly Health recently completed this process.
On December 27, 2024, Dragonfly Health filed notice of the breach with the HHS-OCR. Typically, this is when companies will send out data breach notification letters to anyone whose information was leaked. Of course, the timing could be different in the Dragonfly Health data breach. Either way, once these personalized data breach letters are sent, they should provide victims with a list of what information belonging to them was compromised.
More Information About Dragonfly Health
Dragonfly Health is a healthcare technology company focused on improving patient care through innovative digital health solutions. Based in Phoenix, Arizona, Dragonfly Health was created through the merger of StateServ and Delta Care Rx, creating the first and only DME and pharmacy service platform. The company specializes in developing platforms and tools that enhance communication, streamline care coordination, and improve outcomes for patients with chronic conditions.
