On August 30, 2024, EngageMED filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party was able to access the company’s IT network. In this notice, EngageMED explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, addresses, dates of birth, Social Security numbers, medical information, health insurance information, and claim information. Upon completing its investigation, EngageMED began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from EngageMED, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the EngageMED data breach. For more information, please see our recent piece on the topic here.
What Was the Cause of the EngageMED Data Breach?
The EngageMED data breach was only recently announced, and more information is expected in the near future. However, EngageMED’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. EngageMED also posted a notice on its website discussing the incident.
According to these sources, on July 3, 2024, EngageMED identified suspicious activity within its computer network. In response, EngageMED secured its systems, informed law enforcement of the apparent attack, and then launched an investigation to learn more about the incident as well as what, if any, patient information may have been affected.
Through this investigation, EngageMED confirmed that an unauthorized actor had been able to access portions of its IT network between June 12, 2024 and July 3, 2024, including files containing confidential patient information.
After learning that sensitive consumer data was accessible to an unauthorized party, EngageMED reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, date of birth, Social Security number, medical information, health insurance information, and claim information.
On August 30, 2024, EngageMED sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About EngageMED
Established in 1995, EngageMED is a healthcare support services provider based in Little Rock, Arkansas. Originally founded as Arkansas Physician Management, Inc., the company changed its name to EngageMED in 2018. EngageMED provides a range of services for healthcare providers, including revenue cycle management, practice operational support, network services and more. EngageMED employs more than 603 people and generates approximately $107 million in annual revenue.
