In recent months, data breaches have become more common. Just last week, there were about 9 data breaches, including those involving Omnicell, Inc., Pacific Living Properties, Inc., Gershman Investment Corp., 48forty Solutions, LLC, Hartmann Financial Advisors, Behavioral Health Partners of MetroWest LLC, FPS Medical Center, Ltd., Jackson County Hospital District, and Schneck Medical Center.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of a data breach, please see our recent piece on the topic here.
Omnicell, Inc.
The Omnicell data breach was first reported in the company’s 10-Q filing. Evidently, on May 4, 2022, Omnicell discovered that some of the company’s systems were impacted by a ransomware attack. While details of the Omnicell breach are few and far between, the company noted that the breach “could lead to the loss of trade secrets or other intellectual property, or to the public exposure of sensitive and confidential information of our employees, customers, suppliers, and others.”
As of the writing of this Weekly Data Breach Alert, there is no indication that Omnicell has determined the scope of the breach, including which types of information were compromised. However, additional details are expected in the near future.
Pacific Living Properties, Inc.
Pacific Living Properties, Inc. (“PLP”), Inc. recently provided notice of a data breach spanning between February 9, 2022 and February 12, 2022. During this period, an unauthorized party gained access to the company’s computer system. It took PLP approximately two months to determine the extent of the breach and identify all affected parties, a process it completed on April 11, 2022. Then, on May 13, 2022, PLP sent out data breach letters to everyone whose information was compromised in the breach.
Gershman Investment Corp.
The Gershman Investment Corp. data breach reportedly resulted in the names, Social Security Numbers, driver’s license numbers, passport numbers, and financial account numbers being compromised. Evidently, in September 2021, Gershman Mortgage first detected a cybersecurity incident that temporarily impacted the company’s computer systems.
Initially, the Gershman Investment Corp. didn’t believe that any consumer data was impacted by the breach; however, in December 2021, additional information came to light, resulting in the company conducting a subsequent investigation. On April 13, 2022, the company confirmed that an unauthorized party was able to access files on the company’s computer system and that these files contained sensitive consumer data. According to the company’s most recent report, the unauthorized party had access between September 7, 2021 and September 22, 2021.
On May 13, 2022, Gershman Mortgage sent all impacted parties data breach letters explaining the event and what they can do to protect themselves.
48forty Solutions, LLC
On May 13, 2022, 48forty Solutions, LLC filed official notice of a breach, sending out data breach letters to all affected parties. The source of the breach was a December 21, 2021 data security incident in which an unauthorized party was able to access files on the company’s computer system containing sensitive consumer information. It wasn’t until April 27, 2022 that 48forty Solutions completed its investigation into the scope of the breach; however, the company has not yet publicly disclosed the types of information compromised as a result of the breach.
Hartmann Financial Advisors
The Hartman Financial Advisors breach resulted in the full names, addresses, Social Security numbers, account numbers, and driver's license information being leaked after an unauthorized user accessed the company’s IT network. The data security incident leading to the breach occurred on September 29, 2021. An internal investigation into the breach is still ongoing; however, on May 12, 2022, Hartmann Financial Advisors filed official notice of the breach and sent out data breach letters to all affected parties.
Behavioral Health Partners of MetroWest LLC
The data breach at Behavioral Health Partners of MetroWest LLC (“BHPMW”) occurred on October 1, 2021, when the company learned that an unauthorized party accessed and downloaded files from the BHPMW network between September 14, 2021 and September 18, 2021. In response, BHPMW launched an investigation into the incident, confirming that the following information of 11,288 patients was compromised. The information involved in the breach includes affected parties’ names, addresses, Social Security numbers, dates of birth, client identification number, health insurance information, and medical diagnosis or treatment information. BHPMW sent out data breach letters to everyone whose information was leaked as a result of the breach on or about May 12, 2022.
FPS Medical Center, Ltd
Recently, FPS Medical Center, Ltd (“FPS”) first noticed the possibility of a data breach on or around March 3, 2022. Evidently, that day, the company noticed that some of its files had been encrypted. An internal investigation confirmed that an unauthorized party gained access to the company’s computer systems on February 28, 2022. This access continued until March 3, 2022. After conducting an investigation into the incident, FPS learned that the breach resulted in the following information being compromised: names, addresses, dates of birth, driver’s license numbers, medical information (including treatment and diagnosis information), and health insurance information. The company reports that as many as 28,024 people were affected by the breach. On May 6, 2022, FPS Medical Center issued data breach letters to everyone whose personal data was compromised in the breach.
Jackson County Hospital District
The Jackson County Hospital District breach involved the leak of protected health information, including patients’ names, dates of birth, contact information, Social Security numbers, medical history, medical conditions or treatment information, medical record numbers, diagnosis codes, and patient account numbers. According to a recent filing by the Jackson County Hospital District, alarm bells began ringing on January 9, 2022, when the District detected suspicious activity on its computer systems. An internal investigation confirmed that an unauthorized party had gained access to certain files containing the sensitive patient information of 98,746 people. On May 6, 2022, Jackson County Hospital District sent data breach letters to those patients whose protected health information was compromised as a result of the recent data security incident.
Schneck Medical Center
In another healthcare data breach, Schneck Medical Center reported that the names, Social Security numbers, and protected health information of certain patients were compromised due to a data security incident. Schneck Medical Center first learned of the breach on March 17, 2022, when it confirmed that an unauthorized user was able to gain access to the Center’s IT system. After a detailed review of the affected files, Schneck Medical Center reported that the breach involved the following data belonging to affected patients: full name, Social Security number, financial account information, payment card information, home address, date of birth, medical record and other internal identification numbers, driver’s license number, state identification number, medical diagnosis and conditions information, and health insurance/claims information. On May 16, 2022, Schneck Medical Center provided notice of the incident by issuing all parties impacted by the breach with data breach notification letters.
