Late last year, MedData removed databases from their public site and hired a cybersecurity firm to review the files that may have been compromised in a data breach event. The leaked data allegedly included patient names, subscriber IDs, Social Security numbers, medical records, dates of services, medical procedure codes, insurance policy numbers, provider names, phone numbers, and dates of birth.
The clients directly impacted by the MedData data breach event were notified in February 2021, but the Department of Health and Human Services and patients were informed until March 31. MedData says affected patients will receive free credit monitoring and identity protection services, though plaintiffs believe they deserve more compensation.
King’s Daughters’ Health System, OSF HealthCare, Aspirus, UChicago Medicine, and Memorial Hermann Health System have all issued their own MedData related data breach notifications. According to statements, MedData is working to confirm all personal data compromised in the incident has been destroyed.
About one-third of healthcare databases are stored in the cloud, which makes cybersecurity of upmost importance. Healthcare entities have a duty to safeguard against data leaks, particularly when data breach events appear to be more frequent.