On February 29, 2024, Cherry Street Services, Inc. d/b/a Cherry Health (“Cherry Health”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party was able to access its computer network. In a February 15, 2024 website notice, Cherry Health explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, addresses, phone numbers, dates of birth, health insurance information, patient ID numbers, provider names, and service dates. Upon completing its investigation, Cherry Health began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Cherry Health, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Cherry Health data breach. For more information, please see our recent piece on the topic here.

What Caused the Cherry Health Data Breach?

The Cherry Health data breach was only recently announced, and more information is expected in the near future. However, Cherry Health’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. Cherry Health also posted a website notice discussing the incident.

According to these sources, on December 21, 2023, Cherry Health experienced a network disruption, affecting employees’ ability to access the company’s IT network. In response, Cherry Health enlisted the help of third-party data security specialists to investigate the incident.

The Cherry Health investigation is ongoing; however, the company recently confirmed that an unauthorized party was able to access its computer systems as well as confidential information belonging to certain patients.

After learning that sensitive consumer data was accessible to an unauthorized party, Cherry Health reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, address, phone number, date of birth, health insurance information, patient ID numbers, provider names, and service dates.

On February 15, 2024, Cherry Health sent out preliminary data breach letters; however, additional letters may be forthcoming now that the company has filed notice of the breach with the U.S. Department of Health and Human Services Office for Civil Rights. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Cherry Health

Cherry Health is a healthcare services organization based out of Grand Rapids, Michigan. Cherry Health operates more than 20 healthcare facilities in six Michigan counties, including the Grand Rapids, Greenville, Hastings, Muskegon, and Wyoming areas. Cherry Health employs more than 800 people and generates approximately $118 million in annual revenue.