In January 2021, Colorado Retina Associates discovered that an unauthorized individual accessed the email account of an employee and sent out phishing emails to company contacts. An investigation confirmed that Colorado Retina Associates email accounts were compromised, which held patients’ protected health information (PHI).
Colorado Retina Associates performed a password reset for their email network, though data exposed may include the following:
- Home addresses
- Telephone numbers
- Medical conditions
- Dates of birth
- Email Addresses
- Social Security numbers
- Insurance information
- Lab and Diagnostic information
- Payment details
- Credit card information
- Driver’s license numbers
Medical records contain multiple personal identifying characteristics of individual patients, and cybercriminals may use this data in various fraudulent schemes. The medical data can be sold on the dark web, and may remain out in the open forever.
According to the U.S. Department of Health and Human Services, since the start of 2021 there have been dozens of reports of medical data theft, unauthorized access, and cyberattacks on healthcare network servers, email accounts, and electronic medical records.
The Lyon Firm has extensive experience filing claims nationwide and is currently involved in various medical data breach litigation, engaging negligent companies when personal data is stolen or leaked. We take personal privacy violation cases very seriously, and aim to compensate victims of data misuse and data breach incidents.