FPS Medical Center, Ltd. Suffers Malware Attack, Exposing Information of Over 28,000 People | Console and Associates, PC

Recently, FPS Medical Center, Ltd (“FPS”) confirmed that the company was the target of what it calls a malware attack that exposed the personal information of 28,024 people. According to FPS, the breach resulted in the compromise of people’s full names, addresses, dates of birth, driver’s license numbers, medical information (including treatment and diagnosis information), and health insurance information. On May 6, 2022, FPS filed a formal notice of breach and sent data breach letters to all affected parties.

If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from fraud or identity theft and what legal options are available to you following the FPS Medical Center data breach, please see our recent article on the topic here.

What we know about the FPS Medical Center data breach

According to an official notice filed by the company, on March 3, 2022, FPS Medical Center discovered that some of its systems had been encrypted with malicious software, or malware. In response, FPS launched an internal investigation into the incident to learn more about its nature and scope, as well as to determine if any consumer data was compromised as a result. This investigation revealed that between February 28, 2022 and March 3, 2022, the affected company systems were accessible to the unauthorized party. Subsequently, FPS learned that the files accessed by the unauthorized party during this time contained sensitive consumer data.

After discovering that sensitive consumer data was accessible to an unauthorized party, FPS Medical Center then reviewed the affected files to determine exactly what information had been compromised. Although the information disclosed will vary depending on the individual, it may include your full name, address, date of birth, driver’s license, medical information, including treatment and diagnosis information, and health insurance information.

On May 6, 2022, FPS Medical Center sent data breach letters to everyone whose information was compromised as a result of the recent data security incident.

More information about FPS Medical Center

FPS Medical Center is a health services company based in Lake Havasu, Arizona. The practice serves residents of the City of Lake Havasu, City of Bullhead, La Paz County, and Mohave County, providing a variety of health care-related services, including laboratory testing services, ultrasound services, echocardiogram services, electrocardiogram (ECG) services, skin biopsy services, joint injections, pulmonary function tests, and Protime/INR checks.

What to do after learning of a data breach affecting your protected health information

While most people associate data breaches with the leak of financial information or personal data, such as social security numbers, a growing number of hackers are orchestrating cyberattacks designed to obtain protected health information. Protected health information is information that identifies a person or can be used to identify a person. According to the U.S. Department of Health and Human Services, protected health information relates to any of the following:

  • The past, present or future physical or mental health or condition of a person,

  • The provision of health care to a person, or

  • Past, present or future payment for the provision of health care to a person.

The most significant threat presented by a healthcare data breach is someone using your information to receive medical treatment using your name. This can cause two major problems. First, after a health data breach, you may end up being charged for services you did not receive. Second, if someone is obtaining care under your name, it can lead to your medical records containing incorrect information, such as the prescriptions you take and the medications you are allergic to.

Healthcare data breaches present different risks and concerns than other types of data security incidents. In fact, Experian reports that the average cost to resolve a healthcare data breach is around $13,500, while the average cost to resolve a traditional data breach is around $1,300.

Given this reality, it is important that individuals whose protected health information has been compromised as a result of a data breach take certain steps to protect themselves.

Gather documentation and report the data security incident

The first thing to do after a data breach affects your protected health information is to gather all documentation of the breach. This includes the company’s data breach letter and any fraudulent medical bills you receive in the mail. You must also notify the Federal Trade Commission by submitting an identity theft report.

Review your current medical records

This next step is perhaps the most difficult but also the most important. You should gather all your medical records and review them to make sure they are still accurate. When reviewing your records, look for any unknown treatments. You should also check that addresses and phone numbers on file are correct and up-to-date.

Ask providers to correct all errors

If you notice an error in your medical records, you should ask the provider to correct the error immediately. Medical providers have a legal duty to correct claims based on error.

Those who have questions about what to do after a data breach and their rights against the company that leaked their information should contact an experienced data breach attorney as soon as possible.

Below is a copy of the initial data breach letter issued by FPS Medical Center (the actual notice sent to consumers can be found here):

Dear [Consumer],

FPS Medical Center (“FPS”) is writing to inform you of a recent event that may affect the security of some of your information. Although there is no indication that your information has been misused in connection with this event, we provide you with information about the event, our response to it, and what you can do to better protect your personal information, if you deem it appropriate to do so.

What happened? On or about March 3, 2022, we learned that some systems in our computer network had been encrypted with malware deployed by an unknown actor. In response, we launched an investigation to determine the nature and extent of the event. The investigation determined that our systems were accessible to the unknown actor between February 28, 2022 and March 3, 2022. Although the investigation was unable to determine whether patient information stored in the systems concerned had actually been viewed or taken by the unauthorized actor, we could not rule out the possibility of such activity. Therefore, out of an abundance of caution, a thorough review of patient information stored in the affected systems has been performed to locate address information of potentially affected individuals in order to provide accurate and complete notices. This review was completed on April 25, 2022.

What information was involved? The following types of patient information were present in the affected systems during the event: full name, address, date of birth, driver’s license, medical information, including treatment and diagnosis information, and information about health insurance. For a limited number of individuals, the social security number may also have been present. However, we currently have no indication that any information was misused as a result of this event.

What we do. We take this event and the security of the information entrusted to us very seriously. Upon learning of this event, we immediately took steps to restore our operations and further secure our systems. As part of our ongoing commitment to the confidentiality of information entrusted to us, we are reviewing our existing policies and procedures and implementing additional administrative and technical safeguards to further secure the information in our systems and reduce the risk of recurrence. Additionally, we have reported this event to law enforcement and are notifying the appropriate government regulators, including the US Department of Health and Human Services.

What you can do. We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements, benefit explanations, and monitoring your credit reports for suspicious activity and detecting errors. Please see the attached document Steps you can take to help protect personal information for useful information on what you can do to better protect yourself against possible misuse of your information.

For more information. If you have additional questions, you can call our dedicated support line at 877-587-4021 (toll-free), Monday through Friday, 9 a.m. to 9 p.m. EST, excluding United States holidays. You can also write to FPS at 297 S. Lake Havasu Avenue, Suite 204, Lake Havasu City, AZ 86403.