June 2, 2022

Weekly Data Breach Alert: May 24 – May 31

+ Follow Contact

Send

Embed

In recent months, data breaches have become more common. Just last week, there were about ten notable data breaches, including those involving Nederlander Theatrical Corp., Biolase, Inc., Colonial Life & Accident Insurance Company, C.R. England, Inc., East Tennessee Children’s Hospital, Allwell Behavioral Health Services, the Inglis Foundation, Val Verde Regional Medical Center, Optoma Technology, Inc., and Alameda Health System.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of a data breach, please see our recent piece on the topic here.

Nederlander Theatrical Corp.

The data breach at Nederlander Theatrical Corp. involved the names and Social Security Numbers of as many as 14,318 people. According to the notice provided by Nederlander, the company first learned of the breach on November 21, 2021, upon detecting suspicious activity on its computer system. After learning of the suspicious activity, Nederlander engaged in a detailed review of all affected files, confirming that the names and Social Security numbers of more than 14,000 people were compromised. On May 20, 2022, Nederlander Theatrical Corp. began sending those who were impacted by the breach data breach letters.

Biolase, Inc.

The medical device company Biolase, Inc. reported a week-long data breach that exposed victims’ data to an unauthorized party between the dates of December 21, 2021 and December 29, 2021. According to the company’s official filing, on December 29, 2021, Biolase first learned of the incident. After conducting an investigation with the assistance of third-party cybersecurity experts, on April 20, 2022, Biolase confirmed that an unauthorized party was able to access certain consumer data. However, the company has not yet disclosed what data types were compromised as a result of the incident. On May 20, 2022, Biolase, Inc. mailed out data breach letters to everyone who was affected by the recent data security incident.

Colonial Life & Accident Insurance Company

On May 23, 2022, Colonial Life & Accident Insurance Company filed official notice of a data breach involving multiple data types, including consumers’ names, Social Security numbers, addresses, financial account information and protected health information. However, other than the types of information leaked as a result of the breach, few other details about the incident have been released. On May 23, 2022, Colonial Life & Accident Insurance Company sent data breach letters to those consumers whose information was compromised due to the recent data security incident.

C.R. England, Inc.

This past week, the Salt Lake City-based trucking company, C.R. England, Inc., reported a massive data breach. Based on the company’s initial filings, on October 30, 2021, C.R. England first learned of unauthorized activity on its computer systems. After investigating the incident, the company confirmed that the names and social security numbers of as many as 224,572 people were accessible to an unauthorized party. On May 23, 2022, C.R. England sent victims data breach letters informing them of the incident and how they can protect themselves in its wake.

East Tennessee Children’s Hospital

In another large data breach, East Tennessee Children’s Hospital (“ETCH”) reported that the sensitive information of as many as 422,531 patients was compromised after an unauthorized user gained access to patient files. On March 13, 2022, ETCH first noticed suspicious activity across the hospital’s computer system. After investigating the incident, the administration determined that patients’ names, contact information, dates of birth, medical record numbers, medical history information, and Social Security numbers were accessible to the unauthorized party. Subsequently, on May 23, ETCH sent out data breach letters to all patients whose information was compromised as a result of the breach.

Allwell Behavioral Health Services

The Ohio-based mental healthcare provider Allwell Behavioral Health Services recently reported a data breach stemming from a March 2, 2022 cyberattack. After detecting unauthorized activity, Allwell retained the services of third-party cybersecurity professionals to investigate the incident. Evidently, this investigation revealed that the incident exposed the following patient data: name, date of birth, Social Security number, phone number, treatment activity, treatment provider, treatment date, treatment location, and payer information. On May 23, 2022, Allwell issued data breach letters to those patients who were impacted by the incident.

Inglis Foundation

The Inglis Foundation recently reported a data breach affecting the names, Social Security numbers, dates of birth, addresses, bank account information and health information of certain consumers. According to the company’s official filings, Inglis first learned of the incident on April 17, 2022. From there, Inglis arranged for third-party cybersecurity experts to investigate the incident to learn more about its cause and whether any consumer data was compromised as a result. On April 26, 2022, the investigation confirmed that an unauthorized user was able to access sensitive information belonging to an unknown number of individuals. On May 20, 2022, the Inglis Foundation issued data breach notification letters to those whose information was leaked as a result of the incident.

Val Verde Regional Medical Center

On May 24, Val Verde Regional Medical Center posted notice of a data breach on its website. This notice explained that the company experienced a network disruption on March 10, 2022, prompting it to investigate the incident. The investigation confirmed that an unauthorized party accessed and potentially downloaded files containing sensitive patient data. While the affected information varies depending on the person, it may include a patient’s name, address, Social Security number, patient account number, and medical record number. On May 25, 2022, Val Verde Regional Medical Center sent out data breach letters to all affected parties explaining what happened and what the company has done in response.

Optoma Technology, Inc

Medical device manufacturer, Optoma Technology, Inc., reported a data breach following a May 1, 2022 cyberattack. After investigating the incident, Optoma Technology confirmed that an unauthorized party was able to access certain files on the company’s computer system containing the following consumer information: names, Social Security numbers, driver’s license numbers, state identification numbers, financial account information, payment information, health insurance information, username and password. The company also reported that the breach spanned the days between April 21, 2022 and May 1, 2022. On May 24, 2022, Optoma Technology sent out data breach letters to everyone who was affected by the breach.

Alameda Health System

Also, this week, Alameda Health System filed official notice of a data breach impacting as many as 90,000 individuals. While details about the Alameda Health System breach are sparse, more information about this data security incident is expected in the near future. Alameda Health System’s notice with the U.S. Department of Health and Human Services Office for Civil Rights was filed on May 20, 2022.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.