The Maryland-based healthcare staffing firm has begun sending out breach notification letters.
What happened
Amergis Healthcare Staffing, Inc filed a notice of a data breach with the Attorney General of Maine and the Attorney General of Vermont. According to one report, approximately 11,329 individuals were impacted.
Amergis has not released any information on what data was impacted but stated that names and other personal identifiers were accessed alongside additional personal information.
Going deeper
Amergis recently rebranded from its original company, Maxim Healthcare Staffing, in April 2024 to distinguish itself from its sister company, Maxim Healthcare, which offers healthcare services.
Their company connects with healthcare practices or businesses and then recruits candidates to fill any open positions.
Information is somewhat limited regarding the breach, but Amergis did say it occurred on February 6th, 2024, and was discovered on the same day. The company filed a data breach notice on December 7th with Maine. The breach was described as an external system “breach (hacking).”
What was said
Amergis said “a compromise to its email environment” was detected, but they currently “have no indication that information has been or will be misused.”
Upon discovering the breach, the company immediately “secured and remediated the compromise, engaged additional third-party experts, hardened and enhanced our data security, and commenced an investigation.”
In response, Amergis is offering complimentary credit monitoring services to impacted individuals. They stated, “The protection, privacy, and proper use of personal information is paramount, and we are working to prevent this type of incident from occurring again.”
What’s next
Amergis Healthcare has not yet filed a breach report with the Department of Health and Human Services, which is mandated when a breach impacts more than 500 individuals. Filing these reports helps the government understand the frequency, severity, and cause of data breaches impacting healthcare.
For Amergis, the investigation is likely continuing, and so is preparing for what’s next. While Amergis stated the breach was caused by hacking through its email system, it’s hard to know what exactly led to the breach. For instance, it could have been caused by phishing or by a compromise to an employee’s email account. Once the exact cause is determined, Amergis will be able better fortify their existing security measures and prevent future vulnerabilities.
The big picture
Breaches like these are common, and while they may not affect millions of patients like larger breaches do, these breaches can still have an adverse effect on patients, who will have to monitor their credit for fraud or theft.
For organizations, once a breach takes place, it can be difficult to mitigate or resolve in hindsight. The best strategy is to prevent breaches before they can occur. Many attacks, especially against email, can easily be prevented with the right security system.
Related: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
