The health service provider recently faced a large data breach.
What happened
Continuum Health Alliance, a New Jersey-based technology-enabled managed services company and integrator, recently experienced a data breach.
The company filed a notice with the Attorney General of Main on April 29th, 2024 after discovering that private information belonging to patients of the Consensus Medical Group was leaked after Continuum was breached.
According to the notice, approximately 377,119 individuals were impacted. Breached information varied and could include names, Social Security numbers, dates of birth, health insurance information, medical information, and some contact information.
Going deeper
Continuum Health’s notice states that the breach was initially discovered on October 19th, 2023. Upon discovery, Continuum immediately secured its system and took steps to investigate alongside a third party. Through the investigation, Continuum discovered an unauthorized actor had gained access to their network between October 18th and October 19th, 2023.
Continuum shared that the investigation concluded on March 8th, 2024, and the company has since been working to verify what information was taken. On February 16th, Continuum posted a notice regarding the breach on its website. On April 29th, Continuum began providing written notice to impacted patients.
What’s next
Continuum shared that they have notified federal law enforcement and are beginning to implement additional safeguards and employee training to prevent future attacks.
The company is also offering credit monitoring services and guidance to help individuals protect themselves against identity theft and fraud.
Many companies that are victims of a data breach are also facing increasing lawsuits. If Continuum faces a class action lawsuit, the court may determine whether the organization could have prevented the breach or better secured private data.
Right now, it’s unclear if a legal case will develop or be settled, but multiple legal organizations are attempting to compile complaints related to the breach.
Why it matters
Even though Continuum Health Alliance was breached, the security incident resulted in Consensus Medical Group, a physician-owned medical group, having data breached.
It’s common for healthcare groups to outsource certain administrative tasks, but that can increase vulnerability if the third parties are not as secure.
According to a recent report, nearly 95% of organizations are affiliated with a third party that has experienced a data breach. This data breach shows data should always be protected, no matter whose hands. The incident occurred fairly recently, and ultimately, Paubox predicts more information regarding the attack and potential lawsuits will come to light in the near future.
Read more: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
