Familylinks concluded a three-month comprehensive review of all data affected after suspicious activity was detected within one of its employee's emails on May 3, 2024.
What happened
After Familylinks discovered suspicious activity within an employee email account on May 3, 2024, they immediately reached out to independent cybersecurity experts to assist in the investigation process. The investigation, which concluded on October 3, 2024, revealed that certain emails and attachments were accessed without authorization and resulted in certain individuals' protected health information (PHI) being affected.
The information that may have been potentially affected includes individuals' names, driver's license or state ID numbers, federal ID numbers, dates of birth, Social Security numbers, medical information (including diagnosis and treatment information), and/or health insurance information, including policy numbers.
What was said
According to a press release by Familylinks, they have "no evidence that the information potentially involved in this incident has been misused, out of an abundance of caution, Familylinks is informing affected individuals about the steps they can take to help protect their information."
Familylinks also provided written notice of the breach via US mail to the affected individuals, and they have implemented enhanced security measures to prevent similar acts of this nature in the future
What's next
Even though Familylinks has no knowledge of how the potentially affected PHI may have been misused, they suggested steps that individuals can take to protect themselves and their PHI. Individuals should:
- Inform financial institutions immediately if suspicious activity, like unauthorized transactions, is detected on accounts.
- Request a copy of their credit report, which is free of charge once every 12 months, by visiting www.annualcreditreport.com.
- Take steps recommended by the Federal Trade Commission to protect themselves from identity theft.
Why it matters
According to a study titled Brief Reports: The Impact of Fear of HIPAA Violation on Patient Care, "As to privacy, it would be difficult to overstate its importance in the effective patient-treater relationship. Indeed, it is the very foundation of trust". This study reveals that a threat to the safety of PHI can lead to distrust from the patients, especially in a mental health context.
FAQs
What is a data breach?
A data breach is the unauthorized access of protected health information. You can read more about what constitutes a breach here.
What should covered entities do in the event of a data breach?
In the event of a data breach, covered entities should notify all affected parties and take all the necessary steps to avoid further unauthorized access.
What should individuals do if they suspect that their personal information has been compromised?
Individuals whose personal information was exposed in a data breach should act quickly and change their passwords, add a fraudulent alert to their credit report, and consider placing a security freeze on their credit reports.
