Unauthorized Individuals Gained Access To Certain Mon Health E-Mail Accounts – Patient, Provider, Employee, And Contractor Information May Have Been Accessed

In a “Notice of Data Security Incident,” “Mon Health” (i.e., Monongalia Health System, Inc., including affiliated hospitals Monongalia County General Hospital Company and Stonewall Jackson Memorial Hospital Company) reported the following:

Mon Health determined that unauthorized individuals gained access to certain Mon Health email accounts between the dates of May 10, 2021 and August 15, 2021. In response, Mon Health secured the email accounts and reset their passwords.

Based on its investigation, Mon Health believes the purpose of the unauthorized access to the email accounts was to obtain funds from Mon Health through fraudulent wire transfers and to perpetrate an email phishing scheme, not to access personal information. That said, Mon Health cannot rule out the possibility that emails and attachments in the involved Mon Health email accounts containing patient, provider, employee, and contractor information may have been accessed as a result of this incident.

Thus, out of an abundance of caution, Mon Health conducted a comprehensive search of the contents of those email accounts to identify the information they contained. Through this search, Mon Health identified emails and attachments that contained the following information relating to patients and members of Mon Health’s employee health plan: names, Medicare Health Insurance Claim Numbers (which could contain Social Security numbers), addresses, dates of birth, patient account numbers, health insurance plan member ID numbers, medical record numbers, dates of service, provider names, claims information, medical and clinical treatment information and/or status as a current or former Mon Health patient. [Emphasis added.]

The U.S. Department of Health and Human Services, Office for Civil Rights, Breach Portal, reflects the hacking/IT incident affected 398,164 individuals. 

To view the Notice of Data Security Incident, please click “Mon Health”

Have You Been Impacted by A Data Breach?

If so, please complete the form on the right or contact Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected][email protected]for a free, no-obligation evaluation of potential legal claims.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.