Professional Healthcare Management Notifies Stakeholders of Data Security Incident

17
Professional Healthcare Management Notifies Stakeholders of Data Security Incident

Professional Healthcare Management, Inc. (“PHM”), located in Memphis, Tennessee, announced today that it recently became aware of a data privacy incident impacting its servers, which contained protected health and personal information of some PHM clients and employees.

PHM is a business that primarily operates in the home health care services industry and provides related health care services. PHM is committed to keeping the community informed, communicating about the steps it is taking toward resolution, and ensuring impacted individuals have the tools they need to minimize the impact of the incident.

On September 14, 2021, PHM discovered that it was the victim of a sophisticated ransomware attack. After discovering the incident, PHM quickly took steps to secure and safely restore its systems and operations.

Further, PHM immediately engaged third-party forensic and incident response experts to conduct a thorough investigation of the incident’s nature and scope and assist in the remediation efforts. PHM’s investigation is ongoing, but after performing a comprehensive review of the impacted data, PHM believes it could contain protected health information.

PHM is notifying those potentially impacted by this incident by mail (if possible) and providing steps that can be taken to protect their information, including complimentary identity monitoring and protection services. PHM recommends that these individuals enroll in the services provided and follow the recommendations contained within the notification letter to increase the likelihood that their information remains protected.

As of the date of this release, PHM has no evidence indicating misuse of any information. Notification to individuals potentially affected by this incident is being performed out of an abundance of caution and pursuant to the organization’s obligations under the Health Insurance Portability and Accountability Act (HIPAA).

Also Read: Securing the Enterprise against REvil-like Cyber-attacks

Further, after reviewing the potentially impacted protected health and personal information, PHM determined that it may include first and last name, social security number, health insurance information (Medicaid number, Medicare number and insurance identification number), prescription name(s) and diagnosis code(s). Again, as stated above, it is important to note that PHM has no evidence of misuse of any information as of the date of this release.

In response to this incident, PHM is implementing additional cybersecurity safeguards, enhancing its cybersecurity policies, procedures, and protocols, and implementing additional employee cybersecurity training.

“We take the security and privacy of the information contained in our systems with the utmost seriousness. Further, we were shocked to discover that we were one of the thousands of victims of this type of cyberattack,” said Amanda Egner, CIO of PHM. “We are fully committed to protecting the information on our systems and sincerely regret the concern and inconvenience caused by this event. We thank the community, our employees, patients, and partners for their support during this event.”

As a precautionary measure, PHM recommends that individuals remain vigilant by closely reviewing their account statements and credit reports. If any suspicious activity is detected, PHM strongly advises that the account holder promptly notify the financial institution or company that maintains the account. Further, individuals should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, including their state attorney general and the Federal Trade Commission (FTC).

To file a complaint or to contact the FTC, you can (1) send a letter to the Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580; (2) go to IdentityTheft.gov/databreach; or (3) call 1-877-ID-THEFT (877-438-4338). Complaints filed with the FTC will be added to the FTC’s Identity Theft Data Clearinghouse, a database made available to law enforcement agencies.

For more such updates follow us on Google News ITsecuritywire News