Dec 28, 2021 | Data Breach
Unauthorized Individuals Gained Access To Certain Mon Health E-Mail Accounts – Patient, Provider, Employee, And Contractor Information May Have Been Accessed
In a “Notice of Data Security Incident,” “Mon Health” (i.e., Monongalia Health System, Inc., including affiliated hospitals Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company) reported the following:
Mon Health determined that unauthorized individuals gained access to certain Mon Health email accounts between the dates of May 10, 2021 and August 15, 2021. In response, Mon Health secured the email accounts and reset their passwords.
Based on its investigation, Mon Health believes the purpose of the unauthorized access to the email accounts was to obtain funds from Mon Health through fraudulent wire transfers and to perpetrate an email phishing scheme, not to access personal information. That said, Mon Health cannot rule out the possibility that emails and attachments in the involved Mon Health email accounts containing patient, provider, employee, and contractor information may have been accessed as a result of this incident.
Thus, out of an abundance of caution, Mon Health conducted a comprehensive search of the contents of those email accounts to identify the information they contained. Through this search, Mon Health identified emails and attachments that contained the following information relating to patients and members of Mon Health’s employee health plan: names, Medicare Health Insurance Claim Numbers (which could contain Social Security numbers), addresses, dates of birth, patient account numbers, health insurance plan member ID numbers, medical record numbers, dates of service, provider names, claims information, medical and clinical treatment information and/or status as a current or former Mon Health patient. [Emphasis added.]
The U.S. Department of Health and Human Services, Office for Civil Rights, Breach Portal, reflects the hacking/IT incident affected 398,164 individuals.
To view the Notice of Data Security Incident, please click “Mon Health”
Have You Been Impacted by A Data Breach?
If so, please complete the form on the right or contact Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], [email protected], for a free, no-obligation evaluation of potential legal claims.
Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.
Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.
Dec 28, 2021 | Data Breach
Ransomware Group Reportedly Targets Shutterfly
On December 27, 2021, ZDNet.com reported that “Shutterfly reported a ransomware attack on Sunday [December 26, 2021].” The incident was first reported by Bleeping Computer, which said a source told them the company was attacked by the Conti ransomware group.” ZDNet.com reported that “[i]n a statement, the company said portions of the Lifetouch and BorrowLenses business were affected. They experienced interruptions with Groovebook, manufacturing offices, and some corporate systems as well.”
Shutterfly, according to the ZDNet.com report, is “assessing the full scope of any data that may have been affected,” and Shutterfly does “not store credit card, financial account information, or the Social Security numbers of [its] Shutterfly.com, Snapfish, Lifetouch, TinyPrints, BorrowLenses, or Spoonflower customers, and so none of that information was impacted in [the] incident.”
Reportedly, Another, But Smaller, Data Breach Suffered By T-Mobile
On December 28, 2021, Cnet.com reported that “[o]n the delayed heels of its huge data breach in August, the T-Mo Report brings news . . . of another possible data breach. This one seems to impact a smaller group of customers who received notifications of ‘unauthorized activity’ on accounts consisting of customer proprietary network information or a physical SIM swap (or both), according to the site.”
According to Cnet.com, Customer Proprietary Network Information “. . . consists of all the data T-Mobile has about your phone calls, which according to the carrier [are] ‘features of your voice calling service (e.g., international calling), usage information (like call logs—including date, time, phone numbers called, and duration of calls), and quantitative data like minutes used.’ It doesn’t contain any billing-related information like names or addresses.”
Additionally, according to Cnet.com, “[a]n unapproved physical SIM swap allows someone else to take over your phone number, and if they have your password, to potentially gain access to accounts linked to it — such as if you use text for multifactor authentication.”
For additional information on protecting your identity from a SIM-swap scam, please click the CNet.com article, “T-Mobile data breach and SIM-swap scam: How to protect your identity.”
Have You Been Impacted by A Data Breach?
If so, please complete the form on the right or contact Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], [email protected], for a free, no-obligation evaluation of potential legal claims.
Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.
Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.
Dec 28, 2021 | Blog, Car Problems Car Complaints
More Than Three Million Hyundais & Kias Subject Of New Engineering Analysis – Investigation Involves Model Year 2011-2016 Hyundai Sonata, Hyundai Santa Fe, Hyundai Elantra & Kia Sorento, Kia Rio, Kia Optima & Kia Soul Vehicles
Vehicle owners and lessees should be aware that on December 28, 2021, Autoblog.com posted an Associated Press article which reported that “U.S. auto safety regulators have stepped up a series of investigations into engine fires that have plagued Hyundai and Kia vehicles for more than six years.”
According to the story posted on Autoblog.com, “[t]he National Highway Traffic Safety Administration says a new engineering analysis investigation covers more than 3 million vehicles from the 2011 through 2016 model years. The agency has received 161 complaints of engine fires, some of which occurred in vehicles that had already been recalled.”
Reportedly, “[t]he vehicle fires involve the related Korean automakers’ Theta II GDI, Theta II MPI, Theta II MPI hybrid, Nu GDI and Gamma GDI engines. Models covered include Hyundai’s Sonata, Santa Fe, and Elantra and as well as Kia’s Sorento, Rio, Optima and Soul. Model years covered are 2011 through 2016.” [Emphasis added.]
VEHICLE OWNERS AND LESSEES AFFECTED BY AUTOMOTIVE DEFECTS OR SAFETY RECALLS ARE ENCOURAGED TO CONTACT KEHOE LAW FIRM, P.C., [email protected], FOR A FREE, NO-OBLIGATION EVALUATION OF POTENTIAL LEGAL CLAIMS.
Dec 28, 2021 | Data Breach
Florida Digestive Health Specialists Suffers Data Security Incident Involving Protected Health Information
In a December 27, 2021 “Notice of Data Breach,” Florida Digestive Health Specialists, LLP (“FDHS”) notified consumers that “[o]n December 16, 2020, an employee noted suspicious activity within their FDHS email account that resulted in suspicious emails having been sent from their employee account. Several days later, on December 21, 2020, FDHS learned that funds had been misrouted to an unknown bank account.”
The “Notice of Data Breach” stated that its investigation of the data breach “. . . found that a limited number of FDHS employee email accounts had been accessed by unauthorized users. [The] investigation was involved and, though access was confined to a limited number of FDHS email accounts, those accounts were voluminous. FDHS investigated those email accounts to determine what information was found in those accounts, whether it constituted personal information, protected health information, or other confidential information, and to whom that information belonged. This process took a considerable amount of time and only concluded on November 19, 2021.”
According to the data breach notice, “[t]he categories of PHI present in the posted data set include . . . first and last name, address, date of birth, Social Security number, financial information, health insurance information, medical information, diagnosis, health insurance individual policy number, and Medicare/Medicaid information.” [Emphasis added.]
The total number of persons affected, according to the Office Of The Maine Attorney General, is 212,509.
Source: Office Of The Maine Attorney General
Have You Been Impacted by A Data Breach?
If so, please complete the form on the right or contact Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], [email protected], for a free, no-obligation evaluation of potential legal claims.
Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.
Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.
