On November 25, 2024, two long-term care facilities that rely on services provided by PointClickCare filed data breach notices after discovering that the incident at PointClickCare resulted in compromised patient information. In recently posted website notices, the affected facilities, Citadel of Northbrook and Pavilion of Bridgeview, explain that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, dates of birth, Social Security numbers, Medicare/Medicaid identification numbers, medical information, and health insurance information. Upon completing its investigation, the affected facilities began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from PointClickCare, Citadel of Northbrook, Pavilion of Bridgeview, or any other facility impacted by the PointClickCare data breach, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the PointClickCare data breach. For more information, please see our recent piece on the topic here.
What Caused the PointClickCare Data Breach?
The PointClickCare data breach was only recently announced, and more information is expected in the near future. And, while PointClickCare does not appear to have filed official notice of the breach, two long-term care facilities affected by the incident have posted website notices discussing the incident.
According to website notices posted on the Citadel of Northbrook and Pavilion of Bridgeview websites, on July 20, 2024, PointClickCare discovered unusual activity within its EHR platform. In response, PointClickCare launched an investigation to learn more about the incident.
Through this investigation, PointClickCare confirmed that an unauthorized actor used certain compromised credentials to access, view, and acquire patient information that was stored within the EHR platform.
After learning that sensitive patient data was accessible to an unauthorized party, PointClickCare reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, date of birth, Social Security number, Medicare/Medicaid identification number, medical information, and health insurance information.
On November 25, 2024, Citadel of Northbrook and Pavilion of Bridgeview sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised. Notably, both Citadel of Northbrook and Pavilion of Bridgeview are owned by Omnia Healthcare Group.
More Information About PointClickCare
PointClickCare is a healthcare software company based out of Ontario, Canada. PointClickCare provides third-party management services to skilled nursing facilities, senior living facilities, hospitals, health plans and others. PointClickCare employs more than 2,000 people and generates approximately $420 million in annual revenue.
