Omni Healthcare Financial Holdings, the parent company of Omni Healthcare Financial and Injury Finance LLC, confirmed it experienced a cyberattack in January 2024, leading to network disruption and potential data breaches involving sensitive patient information.
The cyberattack on Omni Healthcare Financial Holdings was detected on January 19, 2024, with a forensic investigation revealing unauthorized network access by an unknown third party on January 18. The breach potentially compromised sensitive patient data, including names, contact information, birth dates, Social Security numbers, medical records, treatment details, and provider information.
Omni Healthcare reported the incident to the HHS’ Office for Civil Rights, noting that 16,852 individuals were affected. Furthermore, notification letters, complimentary credit monitoring, and identity theft protection services are offered to impacted individuals.
According to the Omni Healthcare Notice of Data Event, “On January 19, 2024, Omni Healthcare experienced a network disruption. Upon discovery, we immediately isolated our network, and third-party specialists were engaged to investigate the incident.”
Additionally, their investigation determined that “an unknown third-party accessed or acquired certain information on our network between January 18, 2024, and January 19, 2024.”
Omni Healthcare, headquartered in Huntersville, North Carolina, finances and services medical lien receivables. Since its founding in 2002, the company has connected attorneys, healthcare providers, and personal injury patients who need medical treatment but lack immediate funds or health insurance coverage. Omni Healthcare assumes the financial risk to ensure that medical providers receive upfront payments for their services, allowing patients to access medical care.
As a business associate, Omni Healthcare Financial Holdings provides financial and administrative services, like managing billing, financial transactions, and other administrative functions. These services require access to sensitive patient data, making robust cybersecurity measures essential to protect this information.
Since Omni Healthcare handles protected health information (PHI), it must comply with HIPAA regulations to protect this information from unauthorized access and breaches.
Go deeper: What does it mean to be a business associate?
The data breach at Omni Healthcare Financial Holdings affects 16,852 patients, raising concerns about the security of their health information. Omni Healthcare responded by promptly investigating the breach, reporting it to law enforcement, and implementing enhanced cybersecurity measures to prevent future incidents.
Ultimately, as cybercriminals increasingly target the healthcare industry, provider organizations, and business associates must increase their security measures.
The cyberattack at Omni Healthcare Financial Holdings is part of a broader trend of increasing cyberattacks on healthcare providers. So, with protected health information (PHI) being a target for cybercriminals, healthcare organizations must continuously improve security measures to protect patient data.
Related: HIPAA Compliant Email: The Definitive Guide