On September 9, 2022, One Medical, Inc. confirmed that the company suffered a data breach after an unauthorized party gained access to sensitive consumer data that had been entrusted to the company. According to One Medical, the breach resulted in the compromise of names, addresses, social security numbers and medical information. Recently, One Medical sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves against identity theft and other fraud. The company estimates that 964 people in Texas alone were affected by the incident; however, the total number of casualties nationwide remains unknown at this stage.
What we know about the only medical data breach
News of the One Medical data breach is still fresh and therefore relatively limited. What we know about the One Medical data breach comes from the company’s official filing with the Texas Attorney General. According to this source, the breach involved names, addresses, social security numbers and medical information. Depending on the types of data that were compromised, it’s possible the breach could have affected company employees or customers, or both.
On September 9, 2022, One Medical sent data breach letters to everyone whose information was compromised as a result of the recent data security incident. The company sent 964 letters to residents of Texas and an unknown number of letters to consumers in other states.
One Medical, Inc. is a healthcare provider in Sherman, Texas. The company operates an urgent care facility, specializing in the treatment of sprains and strains, skin rashes, upper respiratory tract symptoms, lacerations, musculoskeletal injuries, fractures, abscesses or any other urgent condition.
Was patient protected health information disclosed as a result of a medical breach?
One Medical’s data breach resulted in the leak of a significant amount of consumer information. Among the compromised data was the “medical information” of the parties involved. While we’re not sure what the company was referring to when it used the term medical information, chances are it’s protected health information. Indeed, healthcare data breaches have become extremely common in 2022, with more than 2 million people whose PHIs were compromised this year alone.
As cybercriminals and other malicious actors continue to focus their efforts on obtaining protected health information from patients, it is critically important for victims of a health data breach to understand what is at risk and what are their options.
The first step is to understand what is meant by “protected health information”. Protected health information, often referred to as PHI, is demographic information, medical history information, test and lab results, mental health information, insurance information, and other data that physicians and other healthcare professionals collect to identify a patient and determine appropriate treatment. . For example, lab results, MRI and CT scan results, and your current list of medications could all be considered PSRs.
The collection and use of PHI is governed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). However, not all data related to your healthcare is considered “protected” under HIPAA. For data to be considered “protected”, it must contain at least one identifier. Under HIPAA, there are 18 different identifiers, the most common of which are:
Address (anything smaller than a state);
Social Security number;
Dates (more precise than a simple year) related to an individual, such as a patient’s date of birth, date of admission, etc. ;
medical file number;
Internet Protocol (IP) address;
Biometric IDs, such as a fingerprint or voice print;
Head-on photographs and other photos of identifying features; and
Any other unique identifying characteristic.
Given the personal nature of your protected health information, health data breaches are of great concern. However, in addition to strangers gaining access to your personal information, there is also a risk of physical and financial harm. Hackers who obtain protected medical information may attempt to obtain medical treatment on your behalf or sell the information to another party who plans to do the same. This not only leaves you liable for the bill, but can also cause someone else’s information to be confused with yours in your medical records.
Those who believe their protected health information has been compromised in a data breach should contact an experienced data breach attorney to learn more about how to protect themselves and whether they can file a claim for damages. the organization responsible for the violation.
This year alone, hackers have stolen the sensitive information of more than 55 million Americans. Many of these victims have experienced identity theft or other fraud, which can take months to resolve and end up costing them thousands of dollars. To learn more about the potential damage of a data breach, how to protect yourself, and the legal remedies available to you, click here to read our recent article on the subject.