Paubox News | HIPAA Compliance, Email Security and Healthcare Tech

Health data analytics firm data breach affects over 1 million

Written by Farah Amod | May 02, 2024

Berry, Dunn, McNeil & Parker, LLC (BerryDunn), a prominent health data analytics firm based in Portland, ME, recently reported a major data breach to the Maine Attorney General. The breach exposed personal information belonging to 1.1 million individuals.

 

What happened

The breach originated at Reliable Networks of Maine, LLC (RMN), a managed service provider (MSP) that BerryDunn's Health Analytics Practice Group (HAPG) had contracted to manage its systems. On September 14, 2023, RMN detected suspicious activity within its network, including the systems it managed for HAPG. In response, BerryDunn implemented its incident response protocols and engaged third-party cybersecurity experts to investigate the extent of the breach.

 

Going deeper

The investigation revealed that an unauthorized actor had gained access to the RMN network and exploited their privileged access to steal data from the HAPG systems managed by the MSP. To assess the scope of the breach, BerryDunn enlisted the help of a vendor, who completed a review of the affected files on April 2, 2024. The compromised information included personally identifiable information (PII) such as names, addresses, dates of birth, Social Security numbers, health insurance policy numbers, Medicare or Medicaid numbers, state or governmental ID numbers, passport numbers, and medical information.

To address the breach's impact, BerryDunn promptly mailed notification letters to the affected individuals on April 25, 2024. Additionally, the firm has offered complimentary credit monitoring and identity theft protection services, which include a $1 million identity theft reimbursement policy. While the exact number of affected clients remains uncertain, BerryDunn has taken significant measures to mitigate the risk. 

 

What was said

The accounting firm has “taken steps to secure the HAPG data, such as decommissioning all BerryDunn systems under Reliable’s control and migrating all HAPG data to secure internal BerryDunn systems that are continually monitored as part of our cybersecurity program,” according to Cybernews.