On November 21, 2022, Hope Health Systems, Inc. (“HHS”) reported a data breach to the U.S. Department of Health and Human Services Office for Civil Rights after the company learned that sensitive patient information stored on its network was leaked following a ransomware attack. According to HHS, the breach resulted in patients’ names, addresses, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, and medical information being compromised. Recently, HHS sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other fraud.
As a patient, you place a tremendous amount of trust in your healthcare providers. Understandably, you assume that any healthcare office will not only provide you with the treatment you need but that it will also keep your sensitive information secure. Unfortunately, this is not always the case. However, as we’ve noted in previous posts, healthcare providers that are negligent in how they store your information can be held accountable through a data breach lawsuit. These claims can not only provide you with meaningful compensation for everything you’ve been put through but also encourage all providers to take their data security responsibilities more seriously—hopefully reducing the chances of similar incidents in the future.
What Led Up to the Hope Health Systems Data Breach
The information regarding the Hope Health Systems breach comes from the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal as well as a notice posted on Hope Health Systems’ website. According to these sources, on June 20, 2022, HHS first learned of a possible cybersecurity event when portions of the company’s computer network were encrypted.
In response, HHS began working with an outside cybersecurity firm to investigate the incident and determine what, if any, patient data was compromised as a result. The HHS investigation confirmed that an unauthorized party was able to access the company’s computer network starting on June 10, 2022. On August 24, 2022, the investigation also revealed that some of the encrypted files contained sensitive information belonging to certain patients, although HHS could not confirm that the unauthorized party actually viewed, accessed, or removed the data.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Hope Health Systems began to review the affected files to determine what information was compromised and which consumers were impacted. The company completed this process on October 18, 2022. While the breached information varies depending on the individual, it may include your name, address, date of birth, Social Security number, driver’s license number, health insurance information, and medical information.
On November 21, 2022, Hope Health Systems sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1999, Hope Health Systems, Inc. is a private, for-profit mental health services provider based in Woodlawn, Maryland. The company provides direct mental health, substance abuse, and community support services to adults, children, and minors in institutional and outpatient settings through three Maryland locations in Woodlawn, Greenspring, and Carroll County. HHS also provides administrative management and research consulting services. Hope Health Systems employs more than 134 people and generates approximately $36 million in annual revenue.