On October 26, 2023, Greater Rochester Independent Practice Association Inc. (“GRIPA”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that a software vulnerability within MOVEit enabled hackers to access confidential consumer information within the company’s possession. In this notice, GRIPA explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, protected health information and Social Security numbers. Upon completing its investigation, GRIPA began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Greater Rochester Independent Practice Association Inc., it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the GRIPA / MOVEit data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting GRIPA?

The GRIPA / MOVEit data breach was only recently announced, and more information is expected in the near future. However, GRIPA’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. GRIPA also posted a notice of the incident on its website.

According to these sources, on May 31, 2023, GRIPA learned of the MOVEit vulnerability. MOVEit is a file-transfer program created by Progress Software, which GRIPA used to securely transfer files.

However, the vulnerability within MOVEit enabled hackers to access files stored within the GRIPA’s MOVEit server. Some of these files contained confidential consumer information. This is because GRIPA provides services for various health care providers, and has provided patient PHI to perform these services. GRIPA confirmed unauthorized access to certain files on June 5, 2023.

After learning that sensitive consumer data was accessible to an unauthorized party, GRIPA reviewed the compromised files to determine what information was leaked and which consumers were impacted. GRIPA completed this process on September 1, 2023. While the breached information varies depending on the individual, it may include your name, protected health information and Social Security number

On October 26, 2023, GRIPA sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Greater Rochester Independent Practice Association Inc.

Founded in 1996, Greater Rochester Independent Practice Association Inc., or GRIPA as it is more commonly known, is a health care provider based in Rochester, New York. GRIPA comprises over 1,300 physicians and their affiliate hospitals. GRIPA employs more than 25 people and generates approximately $15 million in annual revenue.