On October 21, 2022, Phoenix Programs of Florida, Inc. filed an official notice of a data breach with the Massachusetts Attorney General after several company email accounts were compromised. According to Phoenix House Florida, the breach affected certain consumers’ names; Social Security numbers; driver’s license numbers; dates of birth; credit/debit card numbers, expiration dates and CVV/security codes; digitized or electronic signatures; Client IDs. The breach also impacted individuals’ protected health information, including that related to medical history, health conditions, treatments, diagnoses, and health insurance information. Recently, Phoenix House Florida sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.
As a result of the recent breach, information of those individuals who sought treatment from the Phoenix House of Florida is now in the hands of potential criminals. As we’ve discussed in a previous post, this dramatically increases the risk of identity theft and other frauds that can follow in the wake of a data breach. It is essential that those who receive a data breach letter from the Phoenix House of Florida take all necessary precautions to protect themselves.
What We Know About the Phoenix Programs of Florida Data Breach
The available information regarding the Phoenix Programs of Florida breach comes from the company’s filing with the Massachusetts Attorney General, as well as a notice posted on the company’s website. According to these sources, the Phoenix House of Florida recently learned that an unauthorized party gained access to certain organizational email accounts between the dates of July 13, 2021 and November 1, 2021.
In response, Phoenix House Florida reset all email login credentials and enlisted the help of a third-party data security firm to investigate the incident. The investigation confirmed that an unauthorized party had access to the employee email accounts and could not rule out that the unauthorized party viewed or removed information from those accounts. It was also determined that the email accounts contained sensitive information pertaining to certain individuals.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Phoenix Programs of Florida began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name; Social Security number; driver’s license number; date of birth; credit or debit card number, card expiration date, and card CVV/security code; digitized or electronic signature; Client ID; information regarding medical history, condition, treatment, or diagnosis; and health insurance information.
Starting on October 19, 2022, Phoenix Programs of Florida sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Phoenix Programs of Florida, Inc. is a nonprofit drug and alcohol rehabilitation facility with centers throughout the United States. Phoenix House Florida is based in Brandon, Florida. Phoenix House as a whole employs more than 2,700 people and generates approximately $101 million in annual revenue.