On June 22, 2023, SoutheastHEALTH posted a notice describing a recent “Potential Security Issue” after the company learned that confidential patient information was subject to unauthorized access due to a third-party data breach. Evidently, the incident involved Intellihartx, LLC (“ITx”), a vendor that SoutheastHEALTH uses to assist with its billing. As a result, SoutheastHEALTH patient info was leaked, including their names, Social Security numbers, dates of birth, addresses, and protected health information. After confirming that consumer data was leaked, ITx began sending out data breach notification letters to SoutheastHEALTH patients whose information was impacted by the recent data security incident.
If you received a data breach notification from SoutheastHEALTH or Intellihartx, LLC, it is essential you understand what is at risk and what you can do about it. Based on the notice provided by SoutheastHEALTH, it appears that these letters will be coming from Intellihartx, which may cause confusion among patients who’ve never heard of the company. It is important that patients do not ignore this letter, as breaches like this one increase your risk of identity theft and other frauds. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the SoutheastHEALTH data breach, please see our recent piece on the topic here.
What We Know So Far About the SoutheastHEALTH Breach
News of the SoutheastHEALTH data breach is still fresh; however, what we know at this point comes from the brief “Potential Security Issue” notice posted by SoutheastHEALTH, as well as the data breach letter sent by ITx. According to these sources, the SoutheastHEALTH breach involved two other companies: ITx and Fortra, LLC.
Fortra, LLC is a software company that created a managed file transfer program called GoAnywhere. ITx used the GoAnywhere program, which, on February 2, 2023, was found to contain a vulnerability. The vulnerability allowed hackers to access information Fortra’s customers transferred using the GoAnywhere program.
After Fortra notified ITX of the software vulnerability, ITx launched an investigation to determine the nature and scope of the breach, as well as which of the company’s customers may have been affected.
On March 24, 2023, ITx completed its initial review of the data. However, soon after, Fortra provided ITx with additional information. ITX also reached out to the hackers to learn more about the incident. This second phase of the investigation was completed on May 10, 2023. By May 19, 2023, ITx confirmed that the Fortra breach impacted confidential SoutheastHEALTH patient data.
Upon discovering that sensitive consumer data was made available to an unauthorized party, ITx began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, date of birth, address, and protected health information.
On June 9, 2023, ITx sent out data breach letters to all SoutheastHEALTH patients whose information was compromised as a result of the recent data security incident. On June 22, 2023, SoutheastHEALTH posted a notice on its website indicating that the ITX did not provide SoutheastHEALTH with notice of the breach, as required by HIPAA, and that “SoutheastHEALTH has no current business relationship with this vendor.”
More Information About SoutheastHEALTH
SoutheastHEALTH is a large healthcare system based in Cape Girardeau, Missouri. SoutheastHEALTH operates more than 50 locations throughout Missouri, providing patients with a wide range of services, including cancer care, vascular care, primary care, orthopedic care, primary care, women’s health and pediatric care. SoutheastHEALTH employs more than 2,350 people and generates approximately $345 million in annual revenue.