On December 16, 2022, FoundCare, Inc. reported a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company learned that an unauthorized party was able to access confidential patient information by gaining access to several employee email accounts. According to FoundCare, the breach resulted in the following patient information being compromised: first and last names, addresses, email addresses, credit card numbers, Social Security numbers, protected health information, dates of birth, and passport numbers. Recently, FoundCare sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.
If you were ever a patient at any of the several FoundCare locations, your personal and highly sensitive information may now be in the hands of a total stranger and possibly a criminal. As we’ve discussed in prior posts, hackers carry out data breaches in hopes of obtaining information they can then use to orchestrate various crimes of fraud, including identity theft. While there isn’t anything you could have done to prevent the breach, there are steps you can take to protect yourself from becoming one of the millions of identity theft victims. Additionally, if the pending investigation reveals that FoundCare was negligent in how it handled your information, you may be able to pursue a data breach lawsuit against the company for leaking your information.
What We Know About the FoundCare Data Breach
The available information regarding the FoundCare breach comes from the company’s filing with the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR). According to this source, as well as a notice posted on the company’s website, on around September 2, 2022, FoundCare identified suspicious activity within its email environment. In response, the company began working with cybersecurity experts to learn more about the incident, what caused it, and whether any patient data was compromised as a result.
The company’s investigation concluded on October 18, 2022, and confirmed that an unauthorized party had gained access to several employee email accounts. Further investigation revealed that confidential information belonging to certain patients was included in the affected email accounts.
Upon discovering that sensitive patient data was made available to an unauthorized party, FoundCare began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your first and last name, address, email address, credit card number, Social Security number, protected health information, date of birth, passport number, and other unique identification numbers issued on a government document used to verify identity.
On December 16, 2022, FoundCare sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. According to the U.S. Department of Health and Human Services Office for Civil Rights, the FoundCare data breach impacted 14,194 patients.
Originally founded in 1985 as the Comprehensive AIDS Program (CAP) of Palm Beach County, Inc., FoundCare, Inc. is a community health center located in West Palm Beach, Florida. FoundCare operates seven locations throughout South Florida, including in Belle Glade, Palm Springs, Boynton Beach, West Palm Beach, and North Palm Beach. The practice provides a wide range of services to patients, including adult medicine, chronic disease management, dental care, pediatric medicine, behavioral health and women’s health services. FoundCare employs more than 111 people and generates approximately $23 million in annual revenue.
