Cybersecurity News
Cybersecurity15 Oct 2024 3m mass.gov

Gryphon Healthcare Alerts Patients About Security Incident

Gryphon Healthcare has informed patients about a recent data security breach involving unauthorized access to personal health information. They are offering identity protection services to those affected.
Gryphon Healthcare Alerts Patients About Security Incident

Key Takeaways

  • 1."You can enroll in the complementary services offered to you through IDX by calling 1-866-207-9451 or visiting our website," they noted.
  • 2."As a result of this third-party security incident, an unauthorized actor may have accessed certain files and data containing information relative to patients for whom Gryphon provides medical billing services," the company stated in its notification.
  • 3.Despite this alarming breach, Gryphon noted, "Gryphon has no evidence to suggest that any potentially impacted information has been misused because of this incident." ## Looking Ahead Upon discovering the breach, Gryphon took immediate corrective actions.

In a significant development, Gryphon Healthcare, LLC has issued a notification regarding a data security incident that may have exposed personal and protected health information of certain individuals. The company emphasized the importance it places on patient privacy and security, urging recipients to read the notice thoroughly.

The incident took place on August 13, 2024, when Gryphon became aware of unauthorized access through a partner organization that utilizes its medical billing services. "As a result of this third-party security incident, an unauthorized actor may have accessed certain files and data containing information relative to patients for whom Gryphon provides medical billing services," the company stated in its notification.

"As a result of this third-party security incident, an unauthorized actor may have accessed certain files and data containing information relative to patients for whom Gryphon provides medical billing services,"

In response to the breach, Gryphon Healthcare undertook a thorough review of the affected files, concluding this investigation on September 3, 2024. The complexity of the situation necessitated the gathering of contact information to adequately inform those possibly impacted.

Person using laptop with holographic cybersecurity shield and digital interface elements
Person using laptop with holographic cybersecurity shield and digital interface elements

By the Numbers

The information that may have been compromised includes a range of sensitive personal details. Patients could potentially see their name, date of birth, address, Social Security number, health insurance data, and medical treatment records exposed. Despite this alarming breach, Gryphon noted, "Gryphon has no evidence to suggest that any potentially impacted information has been misused because of this incident."

Looking Ahead

Upon discovering the breach, Gryphon took immediate corrective actions. The company has increased security measures to mitigate future risks. Importantly, they have also partnered with IDX, a data breach recovery services expert, to offer additional protection. "Out of an abundance of caution, we are offering identity theft protection services through IDX," the company explained.

"Out of an abundance of caution, we are offering identity theft protection services through IDX,"

These protection services include credit monitoring for up to 24 months, a $1,000,000 insurance reimbursement policy, and comprehensive managed identity theft recovery. Gryphon underscored that these measures would assist those affected in resolving any possible issues arising from identity compromise.

For patients looking to utilize these resources, Gryphon provided details on how to enroll. "You can enroll in the complementary services offered to you through IDX by calling 1-866-207-9451 or visiting our website," they noted. Interested individuals have until January 11, 2025, to take advantage of these services.

"You can enroll in the complementary services offered to you through IDX by calling 1-866-207-9451 or visiting our website,"

Multiple computer monitors displaying cybersecurity dashboards, world maps, and data analytics in a dark control room
Multiple computer monitors displaying cybersecurity dashboards, world maps, and data analytics in a dark control room

Gryphon Healthcare has also suggested a series of actions that patients can undertake to protect their information further. They recommend regularly reviewing account statements and credit reports to catch any potential fraudulent activity promptly. "If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained," the company advised.

"If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained,"

Additionally, they encourage individuals to request copies of their credit reports from the three major reporting agencies—Equifax, Experian, and TransUnion—to ensure no unauthorized accounts are opened in their names. For further protection, Gryphon suggests that individuals consider placing a fraud alert on their credit reports.

In conclusion, Gryphon Healthcare expressed earnest apologies for the incident, emphasizing their commitment to patient safety and trust. "We take your trust in us and this matter very seriously," the company declared. As the healthcare industry faces increasing cybersecurity challenges, the response from organizations like Gryphon highlights the need for ongoing vigilance and proactive measures to protect personal data.

"We take your trust in us and this matter very seriously,"

personal informationdata securityidentity thefthealthcarebreach notification