On April 5, 2024, the Sleep Management Institute filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that the company was recently targeted in a ransomware attack. In this notice, the Sleep Management Institute explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, addresses, dates of birth, Social Security Numbers, driver’s license numbers, passport numbers, financial account information, digital signatures, biometric data, mother’s maiden names, and medical information. Upon completing its investigation, the Sleep Management Institute began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from the Sleep Management Institute, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Sleep Management Institute data breach. For more information, please see our recent piece on the topic here.

What Caused the Sleep Management Institute Data Breach?

The Sleep Management Institute data breach was only recently announced, and more information is expected in the near future. However, the Sleep Management Institute’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides some important information on what led up to the breach. The Sleep Management Institute also posted a website notice discussing the incident.

According to these sources, on February 5, 2024, the Sleep Management Institute discovered unusual activity within its computer network that appeared to be consistent with a ransomware attack. In response, the Sleep Management Institute took certain systems offline, notified law enforcement and then launched an investigation with the help of cybersecurity experts.

While the Sleep Management Institute’s investigation is ongoing, the investigation confirmed that unauthorized actors accessed the Sleep Management systems from January 27, 2024 to February 6, 2024. It was also confirmed that certain files containing confidential patient information were accessible to the hackers.

After learning that sensitive consumer data was accessible to an unauthorized party, Sleep Management Institute reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, date of birth, Social Security Number, driver’s license number, passport number, financial account information, digital signature, biometric data, mother’s maiden name, and medical information.

On April 5, 2024, the Sleep Management Institute filed notice with the HHS-OCR. This is typically around the time that companies will send out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Sleep Management Institute

The Sleep Management Institute is a sleep diagnostic and treatment provider based in Cincinnati, Ohio. The Sleep Management Institute diagnoses and treats more than 90 sleep disorders, including sleep apnea, insomnia, narcolepsy, restless leg syndrome, and periodic limb movement. The Sleep Management operates six locations in Kenwood, Monroe, Eastgate, Mt. Auburn, Green Township and Middletown. The Sleep Management Institute employs more than 25 people and generates approximately $5 million in annual revenue.