The revenue cycle service company recently faced a data breach impacting nearly 500,000 individuals.
What happened
Designed Receiveable Solutions, Inc, also known as DRSI, faced a data breach in January 2024. The company, which assists healthcare organizations in debt collection processes, filed an initial notice soon after. This notice stated that approximately 129,000 individuals were impacted in the breach.
More recently, on April 26th, 2024, DRSI updated the notice. They now believe that the true number of impacted individuals is approximately 498,686. Impacted information included names, addresses, Social Security Numbers, driver’s license numbers, and identification card numbers.
Going deeper
The breach initially occurred on January 22nd, when DRSI detected suspicious activity in its network.
Upon discovery, DRSI worked with a cybersecurity firm to investigate the nature and scope of the incident. DRSI completed its investigation on March 13th. Under the Maine Attorney General, it’s filed as an external hacking breach.
In its online disclosure, DRSI said it was sending a notice to impacted individuals on behalf of approximately 17 organizations that DRSI works with. Like DRSI, most of their business associates are based out of California.
What was said
In DRSI’s notice to impacted individuals, the company shared that they have “no evidence any of the information [breached] has been misused by a third party, but because information related to you was disclosed, we are notifying you out of full transparency.”
DRSI said they are working to improve their security by “reviewing and enhancing its existing policies and procedures related to data privacy to reduce the likelihood of a similar future event.”
Why it matters
According to a recent report, third-party breaches are having a massive impact on healthcare organizations.
As of 2024, it’s believed that 98% of organizations are affiliated with a third party that has experienced a breach. Conversely, 29% of third-party attacks have led to data breaches in affiliated companies.
Healthcare is particularly vulnerable because many of these organizations are reliant on third-parties for billing, insurance, administrative tasks, and a variety of other operations. When an attack strikes a third-party, it can lead to a range of complications for the companies that had shared sensitive data.
The big picture
As DRSI continues to work through the data breach, it remains unclear why the breach happened and if it could have been avoided.
Lawsuits regarding breaches like this are increasingly common, and DRSI us unlikely to be spared. Multiple firms are currently gearing up to pursue a class action lawsuit, which will likely demand security improvements and monetary compensation for victims if DRSI could have prevented the incident.
Data breaches are becoming more costly, time-consuming, and dangerous; it’s important now more than ever for companies to prioritze the safety of their data.
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
