Written by Console and Associates, P.C.
On October 14, 2022, Pennsylvania healthcare system Keystone Health filed an official notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company experienced a cybersecurity incident compromising the sensitive information of certain patients. According to Keystone, the breach resulted in the names, Social Security numbers and clinical health information of more than 235,000 patients being compromised. Recently, Keystone sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.
Over the past year, hackers and other bad actors have begun targeting healthcare providers at an unprecedented rate. As we’ve discussed in previous articles and posts on other similar healthcare data breaches, these incidents put patients at an increased risk of both financial and healthcare identity theft. For example, the information stolen in healthcare data breaches can be used to obtain healthcare services in a victim’s name, which not only means the victim is on the hook for another’s medical care but can also mean that the victim’s medical record ends up containing inaccurate information. Therefore, it is critical for victims of any healthcare data breach to take immediate steps to reduce the risk of fraud.
What We Know About the Keystone Health Data Breach
The available information regarding the Keystone Health breach comes from the company’s filing with the U.S. Department of Health and Human Services Office for Civil Rights as well as notice posted on the company’s website. According to these sources, on August 19, 2022, Keystone discovered an incident that temporarily disrupted the normal operations of its computer network. In response, Keystone contacted law enforcement and began working with an outside cybersecurity firm to investigate the incident and determine what, if any, consumer information was jeopardized as a result of the incident.
The company’s investigation revealed that an unauthorized party had gained access to its computer network on July 28, 2022, and that the period of unauthorized access lasted until August 19, 2022, when the company discovered the attack. It was also determined that the files which were accessible to the unauthorized party may have contained confidential information belonging to certain consumers.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Keystone Health began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, and clinical health information.
On October 14, 2022, Keystone Health sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1986, Keystone Health is a Community Health Center serving Franklin County, Pennsylvania. The organization operates the following locations:
- Keystone Health
- Keystone Dental Care
- Keystone Pediatrics – Waynesboro
- Keystone Internal Medicine
- Keystone Family Medicine
- Keystone Women’s Health
- Keystone Pediatric Dental
- Keystone Urgent Care
- Keystone Behavioral Health
- Keystone Foot and Ankle
- Keystone Community Health Services
- Keystone Chiropractic
- Keystone Pediatrics – Chambersburg
- Keystone Pharmacy
Keystone Health employs more than 540 people and generates approximately $35 million in annual revenue.
Original report: https://www.jdsupra.com/legalnews/keystone-health-reports-information-of-7233818/