Ohio-based healthcare provider Prentke Romich Company (operating as PRC-Saltillo) filed a data breach notification with the Massachusetts Attorney General on September 12, 2024, after discovering unauthorized access to its network.
The hacking/IT incident exposed the personally identifiable information (PII) of 51,627 individuals. PRC-Saltillo immediately began notifying the affected individuals.
What happened
PRC-Saltillo's computer network initially reported suspicious activity on August 21, 2024. The subsequent investigation established that an unauthorized party accessed their network from August 13, 2024, to August 21, 2024, who copied files containing confidential consumer data.
On September 3, 2024, the company completed its review of compromised information and mailed letters providing notification of the breach to affected individuals on September 12, 2024. The incident was documented as a hacking incident on their network server and was reported to have occurred on September 25, 2024.
What was said
The PRC-Saltillo notification letter states, “We take the confidentiality, privacy, and security of information very seriously. In response to this event, we promptly took steps to secure our systems and commenced a detailed investigation to determine the full nature and scope of the event. As part of our ongoing commitment to the privacy of information in our care, we are reviewing our policies, procedures, and processes related to the storage and access to personal information.”
By the numbers
- PRC-Saltillo employs more than 247 staff.
- The organization has an estimated annual turnover of $62 million.
- 51,627 individuals are affected by this data breach.
Why it matters
Exposing personal information puts individuals at risk of identity theft and financial fraud. Therefore, healthcare providers must promptly inform affected individuals if their personal information has been compromised to minimize the potential damage.
The bottom line
The affected individuals should probe into the information provided in the notification letters they received and possibly seek legal counsel.
Furthermore, PRC-Saltillo must improve its cybersecurity to prevent future breaches and safeguard consumer trust.
FAQs
What is a data breach?
A breach occurs when an unauthorized party gains access, uses, or discloses protected health information (PHI) without permission. Breaches include hacking, losing a device containing PHI, or sharing information with unauthorized individuals.
What should individuals do if their data has been compromised?
If individuals suspect their data has been compromised, they must monitor their accounts for suspicious activity and immediately report any unauthorized transactions.
What are the penalties for violating HIPAA regulations?
Civil penalties for HIPAA violations can include fines ranging from $141 to $71,162 per violation, with an annual maximum of $2,134,831 per violation. Criminal penalties are applied when HIPAA violations are knowingly committed, with increased fines and imprisonment.
Read also: Higher HIPAA penalties announced
