Skip to main content
data on computer data on computer

GRIPA Data Breach Investigation | MOVEit Ransomware Attack

Written by Joseph Lyon on . Posted in Data Breach.

The Lyon Firm is investigating recent data breach notifications involving over 279,000 Greater Rochester Independent Practice Association Inc. (GRIPA) patients. Contact our data breach lawyers to learn more about compensation and your legal options moving forward.

What Happened at Greater Rochester Independent Practice Association?

The GRIPA data breach was recently announced, but stems from the MOVEit ransomware attack back in late May 2023. Why did it take so long to inform victims of this data breach? More will be known as the details emerge, but plaintiffs have filed a number of class actions against entities hit by the attack.

GRIPA filed with the U.S. Department of Health and Human Services Office for Civil Rights, noting over 279,000 individuals may have had personal data stolen, including Social Security numbers and medical data.  On the Greater Rochester website, they have posted a data security incident notice that says “a limited amount of protected health information (PHI) for patients” was acquired.

On May 31, 2023, GRIPA learned of the exploit of the MOVEit file transfer tool vulnerability. By September 1, 2023, the company concluded that protected health information was impacted. Two months later, letters were sent out to victims.

More About GRIPA

Founded in 1996, Greater Rochester Independent Practice Association Inc., is a health care provider based in Rochester, New York. GRIPA has over 1,300 physicians at affiliate hospitals.

Contact our class action attorneys with any new MOVEit file transfer data breach claims. We are currently involved in numerous MOVEit data breach cases and represent plaintiffs in all fifty states. Free consultations available.

It is critical to remain vigilant after any data theft incident, and to closely monitor your financial and healthcare accounts for signs of fraud or identity theft. Even a small amount of stolen personal or medical data can be manipulated to engage in nefarious cyber schemes. Learn more about how to protect yourself in our blog postings