On December 22, 2022, Legacy Operating Company, LLC d/b/a/ Legacy Hospice filed notice of a data breach with the Maine Attorney General after learning that an unauthorized party was able to access several employee email accounts containing confidential patient data. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, taxpayer identification numbers, dates of birth, dates of death, driver’s license numbers, government identification numbers, financial account information, credit or debit card information, passport numbers, and protected health information. After confirming that consumer data was leaked, Legacy Hospice began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you or a loved one spent time at a Legacy Hospice Facility, your personal information may be in jeopardy. As we’ve discussed in previous posts, hackers have recently shown an increased interest in pursuing consumers’ protected health information, which they can use to carry out a wide range of frauds, including identity theft. However, the fact that you received a Legacy Hospice data breach letter doesn’t necessarily mean you will be the next victim of identity theft. There are steps you can take to protect yourself. Additionally, the pending investigation uncovers evidence that Legacy Hospice was negligent in how it stored patient data, the company may be financially liable to victims through a data breach lawsuit.

What We Know So Far About the Legacy Hospice Breach

The available information regarding the Legacy Hospice breach comes from the company’s filing with the Maine Attorney General. According to this source, Legacy Hospice recently learned that an unauthorized party was able to access employee email accounts. In response, the company began working with cybersecurity professionals in hopes of learning more about the nature and extent of the incident and whether any patient data was compromised as a result.

Legacy Hospice’s investigation confirmed that an unauthorized actor had gained access to the company computer network on February 11, 2022 and again between April 7, 2022 and April 21, 2022. Further investigation confirmed that some of the files that were accessible to the unauthorized party contained confidential information belonging to certain patients.

Upon discovering that sensitive consumer data was made available to an unauthorized party, Legacy Hospice began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, taxpayer identification number, date of birth, driver’s license number, government identification number, financial account information, credit or debit card information, passport number, and protected health information.

On December 22, 2022, Legacy Hospice sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. According to the office of the Maine Attorney General, the Legacy Hospice data breach affected 21,202 individuals across the country.

More Information About Legacy Operating Company, LLC d/b/a/ Legacy Hospice

Legacy Hospice is a long-term care provider for individuals with terminal illnesses. The company is based in Salem, Arkansas, but operates more than 18 facilities in Alabama, Arkansas, Louisiana, Mississippi, Missouri, Oklahoma, and Tennessee. Legacy Hospice is the trade name for Legacy Operating Company, LLC. Legacy Hospice employs more than 61 people and generates approximately $16 million in annual revenue.