On April 10, 2024, American Healthcare Systems LLC d/b/a Randolph Health filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party accessed a Randolph Health employee email account. In this notice, Randolph Health explains the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, dates of birth, medical record numbers, health insurance identification numbers, and diagnosis codes. Upon completing its investigation, Randolph Health began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Randolph Health, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Randolph Health data breach. For more information, please see our recent piece on the topic here.

What Caused the Randolph Health Data Breach?

The Randolph Health data breach was only recently announced, and more information is expected in the near future. However, Randolph Health’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. Randolph Health also posted a website notice discussing the incident.

According to these sources, on February 14, 2024, Randolph Health learned that an unauthorized party had gained access to an employee’s email account. In response, Randolph Health contained the incident and then launched an investigation with the help of cybersecurity experts.

Randolph Health’s investigation confirmed that an unauthorized party was able to access certain files containing confidential patient information that were stored in the affected email account.

After learning that sensitive consumer data was accessible to an unauthorized party, Randolph Health reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, date of birth, medical record number, health insurance identification number, and diagnosis codes.

On April 10, 2024, Randolph Health notified the HHS-OCR about the incident. Typically, this is the date that the company sent out data breach letters to anyone who was affected by the recent data security incident. However, that is not always the case. Regardless, these letters should provide victims with a list of what information belonging to them was compromised.

More Information About Randolph Health

Formally known as American Healthcare Systems LLC, Randolph Health is a healthcare services provider based out of Asheboro, North Carolina. Randolph Health is a community healthcare system consisting of an acute care hospital, primary and specialty physician practices, home health services, a PACE facility and a freestanding MRI testing facility. Randolph Health employs more than 694 people and generates approximately $77 million in annual revenue.