Crescent Community Health Center Files Notice of Patient Data Breach with the HHS-OCR

Richard Console, Jr.
Console and Associates, P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

On January 31, 2024, Crescent Community Health Center (“CCHC”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”) after discovering that information that had been provided to the company was subject to unauthorized access. As a result of this incident, an unauthorized party may have been able to access confidential information belonging to certain CCHC patients. Upon completing its investigation, CCHC began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Crescent Community Health Center, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Crescent Community Health Center data breach. For more information, please see our recent piece on the topic here.

What Caused the Crescent Community Health Center Data Breach?

The Crescent Community Health Center data breach was only recently announced, and more information is expected in the near future. At this point, CCHC has not posted a website notice discussing the incident and CCHC’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides only limited information on what led up to the breach.

However, we do know that the Crescent Community Health Center data breach involved a “hacking / IT incident” targeting the company’s email system. However, due to the prevalence of third-party data breaches, it is important to understand that this incident may not have involved a cyberattack against CCHC, as hackers may have been able to obtain patient data by orchestrating a cyberattack against one of CCHC’s vendors.

Regardless, after learning that sensitive consumer data was accessible to an unauthorized party, Crescent Community Health Center reviewed the compromised files to determine what information was leaked and which consumers were impacted. The incident is listed on the HHS-COR website as affecting 501 people. However, “501” is commonly used by companies as a placeholder until the investigation into the incident is complete.

On January 31, 2024, Crescent Community Health Center sent out data breach letters to anyone who was affected by the recent data security incident. And while we don’t know what type of information was leaked as a result of the CCHC breach, because the company provided notice to the HHS-OCR, it is likely that it affected consumers’ protected health information.

More Information About Crescent Community Health Center

Founded in 2006, Crescent Community Health Center is a healthcare services provider based out of Dubuque, Iowa. CCHC offers primary care, dental care and brain health services, as well as certain specialty services, including gynecology, telehealth services, pharmacy services and eye care services. Crescent Community Health Center employs more than 60 people and generates approximately $6 million in annual revenue.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Console and Associates, P.C.
Contact
more
less

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide