On August 14, 2022, OMNI Healthcare filed an official notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights. While the specific type of data leaked as a result of the incident remains unknown, it appears that it involved patients’ electronic medical records. Recently, OMNI Healthcare sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the OMNI Healthcare data breach, please see our recent piece on the topic here.
What We Know About the OMNI Healthcare Data Breach
Very little is known about the OMNI Healthcare breach, primarily because the company has so far only filed notice with the U.S. Department of Health and Human Services Office for Civil Rights. What we do know is that the breach involved unauthorized access or disclosure of patients’ electronic medical records. This means that the incident was not likely due to a hacking event but may have been caused by an error within the company that exposed patients’ data to an outside party.
Currently, the U.S. Department of Health and Human Services Office for Civil Rights website notes that the breach impacted 1,000 patients. However, companies will often use round numbers as placeholders until they can determine the exact number of people who were affected by the breach.
As of today, OMNI Healthcare has not posted notice of the breach on its website. However, OMNI Healthcare will likely send out data breach letters to all individuals whose information was compromised as a result of the recent data security incident if it has not done so already.
More Information About OMNI Healthcare
Founded in 1994, OMNI Healthcare is a multi-specialty physician group practice of doctors treating patients in Brevard County, Florida. The group consists of physicians that practice internal medicine, radiology, pediatrics, family practice, and surgery. OMNI Healthcare maintains several facilities, including:
-
OMNI Healthcare Melbourne Medical Center
-
OMNI Healthcare Palm Bay Medical Center
-
OMNI Healthcare Indian Harbour Beach
-
OMNI Healthcare West Melbourne
-
OMNI Healthcare Suntree/Viera
-
Atlantis Diagnostics
-
Parish Cancer Center
-
Melbourne Medical Lab
OMNI Healthcare employs more than 147 people and generates approximately $32 million in annual revenue.
Did the OMNI Healthcare Breach Affect Patients’ Protected Health Information?
The OMNI Healthcare data breach affected patients’ electronic medical records. While United Healthcare has not provided many details about the incident leading to the breach or specifics about the type of healthcare-related data subject to unauthorized access, it is possible that the breach may have leaked patients’ protected health information.
The term protected health information (“PHI”) refers to data relating to a patient’s past or present health condition. For example, the results of a patient’s medical imaging test, a patient’s medical history, or a patient’s current list of prescription medications might all be considered protected health information. PHI can also refer to how a patient pays for their healthcare, such as their insurance claims information. However, healthcare-related data is only considered protected when it also contains an “identifier” that allows someone to match the data up with the patient it belongs to. For example, some of the most common identifiers include patients’ names, addresses, email addresses, photographs or Social Security numbers.
Because the OMNI Healthcare breach resulted in electronic medical records being compromised, it is likely that this included “protected healthcare information.”
But what is the significance of a healthcare data breach impacting your PHI? As a patient, this means that if anyone obtains this data, they would have enough information about you to carry out healthcare identity fraud.
Healthcare identity theft is similar to the more familiar financial identity theft; however, healthcare identity theft is often much harder to resolve and comes at a far greater cost to patients. In addition, unlike financial identity theft, healthcare data breaches can put patients’ physical health at risk.
For example, after a successful healthcare breach, a hacker may sell a patient’s data to a third party, who then uses the information to obtain medical care in the victim’s name. In doing so, the unauthorized patient may give healthcare providers their own medical information, which often gets mixed up with the victim’s information. For instance, a pretend patient may give a treating physician a list of their own medications, allergies, or medical history. This can cause serious issues when the real patient goes back to the doctor for a routine procedure or surgery.
It is essential that those who have their protected health information leaked in a data breach take all necessary steps to reduce the chances of healthcare identity theft, including reviewing their medical records and alerting providers to any inaccurate information. Patients who have questions about how to hold a company accountable for the theft of their information should reach out to a data breach lawyer for assistance.
