On August 9, 2024, the Facial Pain Center (“FPC”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party was able to access certain employee email accounts. In this notice, FPC explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, demographic information, medical information, health insurance information, and dates of birth. Upon completing its investigation, FPC began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Facial Pain Center, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Facial Pain Center data breach. For more information, please see our recent piece on the topic here.

What Caused the Data Breach Affecting Facial Pain Center?

The Facial Pain Center data breach was only recently announced, and more information is expected in the near future. However, FPC’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. The Facial Pain Center also posted a website notice describing the incident and the company’s response.

According to these sources, on January 23, 2024, the Facial Pain Center detected suspicious activity within several employee email accounts. In response, FPC secured the affected accounts and then launched an investigation with the help of third-party cybersecurity experts.

Through this investigation, FPC was able to determine that an unauthorized party had gained access to several employee email accounts between January 11, 2024 and January 23, 2024. It was subsequently confirmed that the affected email accounts contained sensitive consumer information.

After learning that sensitive consumer data was accessible to an unauthorized party, Facial Pain Center reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, demographic information, medical information, health insurance information, and date of birth.

On August 9, 2024, Facial Pain Center filed notice of the breach with the HHS-OCR. Typically, this is around the time that companies send out data breach letters to victims of a breach; however, the timeline for the Facial Pain Center data breach could be different. Regardless, once sent, these letters should provide victims with a list of what information belonging to them was compromised.

More Information About Facial Pain Center

Facial Pain Center is a healthcare services provider based out of Bloomington, Minnesota. FPC specializes in the treatment of temporomandibular Joint disorder (“TMD”) and Sleep Apnea. The Facial Pain Center operates eight locations around the Twin Cities, including in Blaine, Bloomington, Burnsville, Minnetonka, Roseville, Shakopee, St. Louis Park, and Woodbury. Facial Pain Center employs more than 25 people and generates approximately $5 million in annual revenue.