On December 24, 2024, Lexington Diagnostic Center (LDC) filed a data breach notice with the U.S. Department of Health and Human Services Office for Civil Rights (OCR). The breach, caused by unauthorized access to the company’s computer system, exposed sensitive consumer information, including Social Security numbers and medical details.
On March 16, 2024, Lexington Diagnostic Center identified suspicious activity on its computer network. Following the discovery, LDC secured their network, and cybersecurity experts launched an investigation.
The investigation revealed that an unauthorized party accessed archived files between February 26 and March 16, 2024. The compromised data varied by individual but could include names, addresses, phone numbers, dates of birth, Social Security numbers, and medical information.
After identifying affected individuals, LDC sent notification letters on December 24, 2024, outlining the specific data compromised.
The LDC public notice assures, “We have no evidence that any of your information has been used for identity theft or financial fraud as a result of this incident.”
It also stated its commitment to improving cybersecurity measures, saying, “LDC is committed to maintaining the privacy of personal information in its possession and has taken many precautions to safeguard it. LDC continually evaluates and modifies its practices to enhance the security and privacy of the personal information it maintains.”
Healthcare data breaches are increasingly common, affecting millions annually. These breaches compromise personal data, like protected health information (PHI), with long-term implications, including identity theft, financial fraud, and unauthorized use of medical identities. Healthcare organizations, like LDC, must invest in comprehensive cybersecurity measures to protect patient trust and data integrity.
Learn more: How HIPAA compliance improves patient trust
A breach occurs when an unauthorized party gains access, uses or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
See also: How to respond to a data breach
If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and report any unauthorized transactions immediately.
No, under U.S. law, consumers are entitled to a free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. So, placing a fraud alert or credit freeze does not incur any costs.