On October 24, 2022, Somnia Pain Management of Kentucky reported a data breach with the Maine Attorney General’s Office after the company experienced a third-party data breach through its “Management Services Organization.” According to Somnia, the breach resulted in patients’ names, Social Security numbers, dates of birth, driver’s license numbers, financial account information, health insurance policy numbers, Medical Record Numbers, Medicaid or Medicare IDs, and health information such as treatment and diagnosis information being compromised. Recently, Somnia sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

When you trusted Somnia Pain Management of Kentucky with your health and your personal information, you never expected your data to end up in the hands of total strangers—and potential criminals. However, that appears to be exactly what happened here, of course, due to no fault of your own. As we’ve discussed in prior posts, companies that fail to take the necessary precautions with your information can be held liable through a data breach lawsuit. Regardless of your interest in pursuing a claim for compensation against the company responsible, it is essential that you take the necessary precautions to protect yourself from identity theft and other frauds.

What We Know About the Somnia Pain Management of Kentucky Data Breach

The available information regarding the Somnia Pain Management of Kentucky breach comes from the company’s filing with the Attorney General of Maine. According to this source, on July 11, 2022, the unnamed Management Services Organization (“MSO”) for Somnia detected suspicious activity within its computer network, which prevented it from accessing certain files. In response, the MSO disconnected all systems and enlisted the assistance of outside cybersecurity professionals to assist with the company’s investigation. The investigation confirmed that some of the information on the MSO’s computer system was compromised, including sensitive patient data.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Somnia Pain Management began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, date of birth, driver’s license number, financial account information, health insurance policy number, Medical Record Numbers, Medicaid or Medicare ID, and health information such as treatment and diagnosis information.

On October 24, 2022, Somnia Pain Management sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. The Somnia Pain Management of Kentucky breach affected a reported 10,849 individuals.

The very same day, an entity by the name of “Somnia, Inc.” reported a data breach with the U.S. Department of Health and Human Services Office for Civil Rights, listing a total of 1,326 victims. At this point, it cannot be confirmed that Somnia, Inc. and Somnia Pain Management of Kentucky are related entities, although that remains a possibility.

Somnia Pain Management of Kentucky is a healthcare practice based in Lexington, Kentucky. The registered agent for Somnia Pain Management of Kentucky appears to be the same individual who founded Somnia, Inc.

Somnia, Inc. is a practice management company based in Harrison, New York. The company provides services exclusively to anesthesiologists and related healthcare professionals. The company operates in 13 states and works with over 200 payors. Somnia Pain Management employs more than 250 people and generates approximately $29 million in annual revenue.