On May 5, 2023, Catholic Health posted notice of a third-party data breach following an incident at one of the organization’s vendors, Minimum Data Set Consultants, LLC. Based on the Catholic Health notice, the incident resulted in an unauthorized party gaining access to patients’ names, birthdates, demographic information, Social Security numbers, Medicare numbers, and diagnosis information. After confirming that consumer data was leaked, Catholic Health began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification from Catholic Health or Minimum Data Set Consultants, LLC, it is essential you understand what is at risk and what you can do about it. As we’ve previously mentioned in other posts, healthcare data breaches often provide hackers with everything they need to commit complex frauds against victims, including identity theft. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Catholic Health data breach, speak with a data breach lawyer.
What We Know So Far About the Catholic Health Breach
News of the Catholic Health data breach is still fresh; however, what we know at this point comes from the company’s blog post dated May 5, 2023. According to this source, Minimum Data Set Consultants that Catholic Health relies upon for consulting services. In late March 2023, Minimum Data Set Consultants learned of suspicious activity within its computer network. In response, the company launched an investigation, confirming that an unauthorized party accessed certain files on its network on or around August 27, 2023.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Catholic Health began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, birth date, demographic information, Social Security number, Medicare number, and diagnosis information.
While Catholic Health has not been able to verify exactly which patient records were accessed, in an abundance of caution, the company is notifying all patients whose information was exposed.
On May 5, 2023, Catholic Health sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Catholic Health
Founded in 1998, Catholic Health is a healthcare system based in Buffalo, New York. The company operates several hospitals and primary care providers in the area, including Kenmore Mercy Hospital, Mercy Hospital of Buffalo, Mount St. Mary's Hospital, Sisters of Charity Hospital, and St. Joseph Campus. Catholic Health employs more than 9,500 people and generates approximately $1.5 billion in annual revenue.