First Choice Community Healthcare, Inc. Confirms Data Breach Impacting Patients’ Protected Health Information |  Console and Partners, PC

First Choice Community Healthcare, Inc. Confirms Data Breach Impacting Patients’ Protected Health Information | Console and Partners, PC

On August 1, 2022, First Choice Community Healthcare, Inc. confirmed that the company was affected by a data breach after an unauthorized party gained access to sensitive consumer information contained on First Choice’s network. According to First Choice, the breach resulted in patients’ names, social security numbers and protected health information being compromised. First Choice recently sent out data breach letters to all affected parties, notifying them of the incident and what they can do to protect themselves from identity theft and other scams.

If you’ve received a data breach notification, it’s important that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from being a victim of fraud or identity theft, and what your legal options are after the First Choice Community Healthcare data breach, please read our recent article on the subject here.

What we know about the First Choice Healthcare Community data breach

According to an official company announcement, on March 27, 2022, First Choice discovered unusual activity on its computer system, leading the company to believe that it may have been the victim of a cyber attack. In response, First Choice enlisted the assistance of an independent cybersecurity firm to investigate the incident and determine whether patient data was compromised as a result.

The company’s investigation confirmed that an unauthorized party was able to access and potentially remove patients’ personal and proprietary health information.

When First Choice Community Healthcare discovered that confidential consumer data was being accessed by unauthorized persons, it reviewed the affected files to determine which information was compromised and which consumers were affected. The Company completed this process on June 3, 2022. While the information breached varies by individual, it may include your name, social security number, First Choice patient ID number, diagnostic and clinical treatment information, medications, benefit data, health insurance information, medical record number, patient account number, date of birth, and Vendor Information.

On August 1, 2022, First Choice Community Healthcare sent out data breach letters to anyone whose information was compromised as a result of the recent data security incident.

First Choice Community Healthcare, Inc. is a healthcare system based in Albuquerque, New Mexico. First Choice operates nine facilities in three New Mexico counties, including:

  • Alameda Medical Center

  • Alamosa Medical Center

  • Belen Medical Center

  • Edgewood Medical/Dental Center

  • Los Lunas Medical/Dental Center

  • Medical Center Nordtal

  • Rio Grande HS – School based medical center

  • South Broadway Medical Center

  • South Valley Medical/Dental Center

First Choice Community Healthcare employs more than 435 people and has annual sales of approximately $63 million.

Data breaches involving protected health information are on the rise

First Choice Community Healthcare’s data breach affected a variety of patient data, including social security numbers, insurance information, and other health-related information. Based on what the company said in its data breach letter, the information leaked as a result of this breach appears to fall under the “Protected Health Information” category.

Protected health information is any identifying information that relates to a patient’s medical condition or how a patient pays for their healthcare. For example, diagnostic test results, prescription information, and prior diagnoses may all be considered protected health information. However, this information is only valid as protected Health information if it includes at least one identifier. An identifier is an additional piece of data that can be used to identify a patient. Some common identifiers are:

  • biometric identifiers such as fingerprints;

  • Email address;

  • fax numbers;

  • full-face images or other identifying photographs;

  • Geographic identifiers (more specific than a patient’s country of residence);

  • medical record numbers;

  • patient account numbers;

  • patient names;

  • phone numbers;

  • social security numbers; and

  • treatment appointments.

Because protected health information, by definition, can be easily linked to a patient, this data can be used by criminals to carry out identity theft or other fraud against a patient. While any form of identity theft is serious, healthcare identity theft is often much more difficult to resolve, and it comes at a far greater cost to patients than other types of data breaches, e.g. B. those that only affect their financial information.

One reason healthcare data breaches are so serious is that, alongside the typical risks of fraud and unauthorized transactions, healthcare data breaches can endanger the physical health of patients. In a typical scenario, a hacker sells a patient’s information to a third party who wants medical treatment but cannot afford or pay for it. The third party buys patient data from the hacker and then uses it to obtain medical care on the victim’s behalf.

However, at this time, the fake patient’s medical information may be mixed with the patient’s medical information. For example, the fake patient could provide a doctor with a list of their current prescription medications, their past medical procedures, or the medications they are allergic to. This can result in a patient’s medical record containing inaccurate information, which can confuse providers and lead to an increased risk of harm to the patient.

Healthcare data breaches pose very real risks and it is important for those who are victims of such a breach to take the necessary steps to protect themselves.

Leave a Comment

Your email address will not be published.