On November 9, 2023, Healix Infusion Therapy (“Healix”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”) after discovering that an unauthorized party was able to access confidential information that had been provided to the company. In this notice, Healix explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, Healix began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you receive a data breach notification from Healix Infusion Therapy, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Healix Infusion Therapy data breach. For more information, please see our recent piece on the topic here.

What Caused the Healix Infusion Therapy Data Breach?

The Healix Infusion Therapy data breach was only recently announced, and more information is expected in the near future. However, Healix’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. That said, the information is limited, and Healix does not appear to have posted a website notice discussing the incident at this point.

According to the HHS-OCR posting, the incident involved a “Hacking / IT incident” targeting a network server that contained confidential consumer information. After learning that sensitive consumer data was accessible to an unauthorized party, Healix Infusion Therapy reviewed the compromised files to determine what information was leaked and which consumers were impacted.

Unfortunately, at this point, we cannot confirm what type of information was compromised. However, it is likely that the Healix breach involved patients’ protected health information (“PHI”) because only those breaches impacting the PHI of more than 500 people need to be reported to the HHS-OCR.

Currently, Healix’s notice with the HHS-OCR lists the total victim count as “501.” However, companies routinely file a victim count of “501” as a placeholder until they can confirm the actual number of victims.

On November 9, 2023, Healix Infusion Therapy filed notice of the breach with HHS-OCR. While it can’t be confirmed, companies typically send out mandated data breach letters around the same time they file notice with the HHS-OCR. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Healix Infusion Therapy

Healix Infusion Therapy is a healthcare services provider based out of Sugar Land, Texas. Healix provides office-based infusion therapy services, as well as revenue cycle management services, drug procurement services, and other related services. Healix Infusion Therapy employs more than 500 people and generates approximately $74 million in annual revenue.