HMC Healthworks, Inc. recently issued a notification regarding a data security breach that may have exposed certain individuals' personal information. The organization emphasized its commitment to protecting patient data and issued an apology for any distress caused by the incident. "We sincerely apologize and regret any inconvenience this incident may cause," stated a representative from HMC.
"We sincerely apologize and regret any inconvenience this incident may cause,"
The situation unfolded on October 13, 2020, when HMC became aware that unauthorized entities had gained access to certain Microsoft Office 365 email accounts. These accounts were utilized for various business purposes, and the attackers were able to send unauthorized emails from them. In response to the breach, HMC swiftly enlisted the help of third-party forensic specialists to investigate the unauthorized activity.
It was uncovered that eleven email accounts had been compromised, with the unauthorized access occurring on September 15, 2020. The implications of this breach were significant, as emails were sent to some HMC employees and service providers, as well as individuals known to the compromised accounts.
HMC's examination revealed that sensitive personal details may have been accessed by the unauthorized party. "We discovered that the personal information of certain individuals, including their name and one or more of the following personal attributes was accessible: date of birth, current and any previous address, medical and health information including prescription information and, for a small percentage of individuals, Social Security number," the HMC representative explained. Despite this alarming discovery, the organization noted that there is currently no evidence the information has been misused. Nevertheless, they chose to notify potentially affected individuals as a precautionary measure.
Looking Ahead
As part of its response strategy, HMC has commenced mailing letters to those whose information was compromised. The company is additionally enhancing its security protocols to prevent future breaches. "We take the security of all information in our control very seriously and are taking steps to prevent a similar event from occurring in the future by implementing additional safeguards and security measures to enhance the privacy and security of information in our systems," the HMC representative added.
In a bid to alleviate concerns for those affected, HMC has secured services from IDX to offer identity monitoring at no cost for either twelve or twenty-four months, based on state law requirements. This service aims to restore confidence among individuals whose data might have been compromised.
For individuals seeking more information regarding the incident, HMC urges them to contact IDX directly at 1-800-939-4170, available Monday through Friday from 9 AM to 9 PM Eastern Time. HMC reiterated its commitment to protecting and securing personal information, emphasizing that their highest priority is the safety of their patients' data.
With the increased prevalence of cybersecurity threats, HMC’s incident serves as a reminder for organizations to continually evaluate and strengthen their data protection measures. In a digital landscape fraught with potential risks, ensuring the integrity of personal information is crucial for maintaining public trust.