Legacy Operating Company, LLC d/b/a/ Legacy Hospice Reports Data Breach After Unauthorized Access to Employee Email Accounts

Console and Associates, P.C.
Contact

On December 22, 2022, Legacy Operating Company, LLC d/b/a/ Legacy Hospice filed notice of a data breach with the Maine Attorney General after learning that an unauthorized party was able to access several employee email accounts containing confidential patient data. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, taxpayer identification numbers, dates of birth, dates of death, driver’s license numbers, government identification numbers, financial account information, credit or debit card information, passport numbers, and protected health information. After confirming that consumer data was leaked, Legacy Hospice began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you or a loved one spent time at a Legacy Hospice Facility, your personal information may be in jeopardy. As we’ve discussed in previous posts, hackers have recently shown an increased interest in pursuing consumers’ protected health information, which they can use to carry out a wide range of frauds, including identity theft. However, the fact that you received a Legacy Hospice data breach letter doesn’t necessarily mean you will be the next victim of identity theft. There are steps you can take to protect yourself. Additionally, the pending investigation uncovers evidence that Legacy Hospice was negligent in how it stored patient data, the company may be financially liable to victims through a data breach lawsuit.

What We Know So Far About the Legacy Hospice Breach

The available information regarding the Legacy Hospice breach comes from the company’s filing with the Maine Attorney General. According to this source, Legacy Hospice recently learned that an unauthorized party was able to access employee email accounts. In response, the company began working with cybersecurity professionals in hopes of learning more about the nature and extent of the incident and whether any patient data was compromised as a result.

Legacy Hospice’s investigation confirmed that an unauthorized actor had gained access to the company computer network on February 11, 2022 and again between April 7, 2022 and April 21, 2022. Further investigation confirmed that some of the files that were accessible to the unauthorized party contained confidential information belonging to certain patients.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Legacy Hospice began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, taxpayer identification number, date of birth, driver’s license number, government identification number, financial account information, credit or debit card information, passport number, and protected health information.

On December 22, 2022, Legacy Hospice sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. According to the office of the Maine Attorney General, the Legacy Hospice data breach affected 21,202 individuals across the country.

More Information About Legacy Operating Company, LLC d/b/a/ Legacy Hospice

Legacy Hospice is a long-term care provider for individuals with terminal illnesses. The company is based in Salem, Arkansas, but operates more than 18 facilities in Alabama, Arkansas, Louisiana, Mississippi, Missouri, Oklahoma, and Tennessee. Legacy Hospice is the trade name for Legacy Operating Company, LLC. Legacy Hospice employs more than 61 people and generates approximately $16 million in annual revenue.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Console and Associates, P.C.

Written by:

Console and Associates, P.C.
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide