Familylinks concluded a three-month comprehensive review of all data affected after suspicious activity was detected within one of its employee's emails on May 3, 2024.
After Familylinks discovered suspicious activity within an employee email account on May 3, 2024, they immediately reached out to independent cybersecurity experts to assist in the investigation process. The investigation, which concluded on October 3, 2024, revealed that certain emails and attachments were accessed without authorization and resulted in certain individuals' protected health information (PHI) being affected.
The information that may have been potentially affected includes individuals' names, driver's license or state ID numbers, federal ID numbers, dates of birth, Social Security numbers, medical information (including diagnosis and treatment information), and/or health insurance information, including policy numbers.
According to a press release by Familylinks, they have "no evidence that the information potentially involved in this incident has been misused, out of an abundance of caution, Familylinks is informing affected individuals about the steps they can take to help protect their information."
Familylinks also provided written notice of the breach via US mail to the affected individuals, and they have implemented enhanced security measures to prevent similar acts of this nature in the future
Even though Familylinks has no knowledge of how the potentially affected PHI may have been misused, they suggested steps that individuals can take to protect themselves and their PHI. Individuals should:
According to a study titled Brief Reports: The Impact of Fear of HIPAA Violation on Patient Care, "As to privacy, it would be difficult to overstate its importance in the effective patient-treater relationship. Indeed, it is the very foundation of trust". This study reveals that a threat to the safety of PHI can lead to distrust from the patients, especially in a mental health context.
A data breach is the unauthorized access of protected health information. You can read more about what constitutes a breach here.
In the event of a data breach, covered entities should notify all affected parties and take all the necessary steps to avoid further unauthorized access.
Individuals whose personal information was exposed in a data breach should act quickly and change their passwords, add a fraudulent alert to their credit report, and consider placing a security freeze on their credit reports.