Texas-based healthcare provider In-Home Attendant Services, Ltd. recently reported that a data breach affected 22,000 consumers, exposing their Social Security numbers, medical records, and financial data.
On December 20, 2024, In-Home Attendant Services filed a notice with the U.S. Department of Health and Human Services Office for Civil Rights (OCR), reporting a “Hacking / IT incident” that compromised sensitive information stored on the company’s network server. Before this, the company had informed the Attorney General of Texas on November 19, 2024.
The investigation revealed that an unauthorized party accessed data containing consumers’ names, Social Security numbers, driver’s license numbers, financial account details, medical records, health insurance information, and dates of birth.
In response, the company initiated a review of affected files to identify impacted individuals and has begun sending data breach notification letters.
The In-Home Attendant Services (IHAS) public notice says, “IHAS immediately isolated and disconnected the entire network the same day. On the same day, IHAS also initiated its incident response plan and took immediate steps to investigate the incident and engage cybersecurity experts.”
The company added, “IHAS has built a new computer network and has implemented state-of-the-art software to prevent, detect, and recover from cyber threats in real time.”
Healthcare organizations, like IHAS, store large amounts of personally identifiable information (PII) and protected health information (PHI), making it a major target for hackers. These cybercriminals use sophisticated methods, exploiting system vulnerabilities to gain unauthorized access to sensitive data, putting patient privacy and safety at risk. Consumers who receive a notification letter from IHAS must monitor their credit and potentially consult a legal expert.
Learn more: What is the difference between PII and PHI?
A breach occurs when an unauthorized party gains access, uses or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
See also: How to respond to a data breach
If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.
No, under U.S. law, consumers are entitled to a free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. So, placing a fraud alert or credit freeze does not incur any costs.