Recently, Marietta Area Health Care, better known to most as Memorial Health System, announced that the company experienced a data breach stemming from a malware attack on its computer systems. According to a company news release, on August 14, 2021, Memorial Health System discovered the presence of malware on some of the company’s servers. After conducting a follow-up investigation, the company learned that an unauthorized party accessed data on the servers relating to 216,478 individuals.
A data breach occurs when a person, usually a hacker or other criminal actor, breaches a company’s security system and accesses sensitive consumer information in the company’s position. Often, cybercriminals will target a company that they know has weak or outdated data-security technology. Once a hacker obtains information through a data breach, they may use that information to commit identity theft or sell the data to the highest bidder on the black market. Regardless of who ends up with a consumer’s sensitive information, those affected by a data breach are significantly more likely to experience identity theft or fall victim to other potentially serious crimes. Given the risks, it is essential anyone who received a data breach letter from Memorial Health System take the steps necessary to protect themselves from the risks data breaches such as this one present.
Those impacted by the Memorial Health System data breach have reason to be concerned. Ever since the beginning of the COVID-19 pandemic, identity theft crimes have become much more common. In many instances, identity thieves obtain the data they need to commit these crimes through a data breach.
Companies like Memorial Health System have a duty to protect consumer data. Thus, if evidence emerges that your sensitive information was mishandled leading up to the data breach, you may be eligible for financial compensation through a data breach class action lawsuit.
Are Consumers Affected by the Memorial Health System Data Breach Entitled to Financial Compensation?
When you provided Memorial Health System with your personal information, you trusted that the company would take your privacy seriously. Certainly, anyone would assume that the company would take all precautions to prevent sensitive consumers’ financial and personal information from ending up in the possession of a potential criminal. However, news of this data breach raises serious questions about the company’s data-security measures at the time of the breach and, potentially, the company’s commitment to consumer privacy.
All businesses in possession of consumer data have an ethical and legal obligation to ensure it remains private. To be sure, maintaining an adequate data-security system is a burden; however, it is a necessary cost of doing business in an environment where hacking and cyberattacks are common. If a company does not take its consumer privacy duties seriously, it may be liable through a data breach class action lawsuit. Of course, United States data breach laws are complex, and news of this data breach is very recent. Thus, there is not yet any evidence that Memorial Health System was negligent in how it handled consumer data. However, our data breach lawyers are looking into the breach to determine what legal remedies affected consumers may have against the Memorial Health System.
If you have questions about your ability to bring a class action lawsuit against Memorial Health System, it is essential that you contact a data breach attorney as soon as possible.
What to Do if You Received a Data Breach Notification from Memorial Health System
If you received a data breach letter from Memorial Health System, it means you were among those whose personal data was compromised in the recent data breach. It also means a total stranger may have accessed, viewed, and retained your sensitive personal information. While there is no telling why a hacker wants your information or what they intend to do with it, it is essential you remain vigilant to protect yourself by taking the following steps:
- Carefully read the data breach letter sent by Memorial Health System to determine what information of yours was accessible;
- Make a copy of the letter for your records;
- Enroll in the free credit monitoring service provided by Memorial Health System;
- Change all your passwords and security questions for any online accounts;
- Enable two-factor or multi-factor authentication, where it is available;
- Regularly review your credit card and bank account statements for any signs of suspicious activity;
- Monitor your credit report for any unexpected changes that may be a sign of identity theft;
- Contact one of the major credit bureaus to request they add a fraud alert to your profile; and
- Notify your banks and credit card companies of the data breach.
About Memorial Health System
Memorial Health System is the business name used by Marietta Area Health Care. The company operates as a not-for-profit integrated health system. Memorial Health System employs over 2,700 employees, including 325 providers at 64 clinics, providing a wide range of services, from emergency care to women’s health to cancer treatment to pediatric services. Marietta Area Health Care was founded in Marietta, Ohio, in 1984, and generates approximately $490 in annual revenue.
The Details of the Memorial Health System Consumer Data Breach
According to the most recent data breach letter issued by Memorial Health System, on August 14, 2021, the company identified malware on certain company servers. Memorial Health System conducted an investigation into the incident and determined that on or about July 10 through August 15, 2021, an unauthorized party gained access to some of the company’s electronic files. This prompted a follow-up investigation into the extent of the consumer data compromised as a result of the breach. Ultimately, around November 1, 2021, Memorial Health System confirmed that the personal information of more than 216,478 individuals was accessible by the unauthorized party during the breach. This information included consumers’ full names and Social Security numbers.
Around January 12, 2022, the Memorial Health System sent out a written notice to all affected parties, informing them of the breach and what they can do to protect themselves. In this communication, Memorial Health System explains that while there is no indication that the unauthorized party used or intends to use any of the data obtained, those in receipt of a Memorial Health Systems data breach letter are encouraged to keep a lookout for signs of identity theft.
Below is a copy of the initial data breach letter issued by Memorial Health System (the company’s full online notice can be found here):
Marietta Area Health Care Inc. dba Memorial Health System (“MHS”) writes to inform you of an incident that may affect the privacy of some of your information. We are providing you with an overview of the incident, our response, and steps you may take to better protect yourself, should you wish to do so.
What Happened? On August 14, 2021, MHS identified the presence of malware on certain servers in our environment. We immediately commenced an investigation to determine the full nature and scope of the incident and to secure our network. Through this investigation, we determined that an unauthorized actor accessed certain systems within our network on or about July 10 through August 15, 2021. On or about September 17, 2021, we determined the unauthorized actor may have accessed or acquired information from systems potentially containing patient information. We then carefully reviewed the contents of the affected systems to determine what, if any, sensitive information may have been compromised. On November 1, 2021, our review confirmed the scope of the information at risk and the population potentially impacted. We have worked diligently since this time to confirm the patients who may be impacted, the types of information at issue, and the best contact information for the impacted population, in order to provide an accurate notification. On December 9, 2021, our review determined that protected information related to you may have been impacted.
What Information Was Involved? We conducted a thorough review of the relevant systems to identify the types of information stored there and to whom it related. Our review determined that your information was present in the affected systems and it is possible that your information could have been accessed or acquired by an unauthorized actor. This information includes your <>. While we have no reason to believe that any identity theft or unauthorized use of the affected information has occurred, we wanted to make sure you are aware of this incident.
What We Are Doing. MHS has strict security measures to protect the information in our possession, and we have worked to add further technical safeguards to our environment. Following this incident, we took immediate steps to improve the security of our environment and increase our security posture.
As an added precaution, we are also offering you complimentary access to 12 months of identity monitoring services, through Kroll. You will need to activate these services yourself if you wish to do so, as we are not able to activate them on your behalf. Please review the instructions contained in the attached Steps You Can Take to Help Protect Your Personal Information for additional information on these services.
What You Can Do. We encourage you to review the enclosed Steps You Can Take To Help Protect Your Personal Information for additional steps you may take and information on what you can do to better protect against the possibility of identity theft and fraud, should you feel it is appropriate to do so. We also encourage you to activate the complimentary identity monitoring services we are offering you. We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and explanation of benefits and monitoring your free credit reports for suspicious activity and to detect errors over the next 12 to 24 months.
For More Information. If you have questions about this letter, please call (855) 545-2370 between the hours of 9:00 a.m. and 6:30 p.m., Eastern Time, Monday through Friday, excluding major U.S. holidays.
We sincerely regret any inconvenience or concern this incident may cause.