Catholic Health Consultants Experience Data Breach
Minimum Data Set Consultants, LLC (MDS), a firm that provides consulting services to skilled nursing facilities across the country, experienced a data breach that may include medical record information from some long term care residents within Catholic Health. MDS is in the process of notifying the residents, their family members, or other responsible party.
In late March, MDS became aware of unusual activity involving certain electronic health records files and immediately began an investigation. It is believed the files were accessed without authorization on or about August 27, 2022 by a former MDS employee. Law enforcement was promptly notified and is continuing to investigate this incident. While it is uncertain what accounts were actually breached, out of an abundance of caution, MDS and Catholic Health have notified all long term care residents who have protected health information (PHI) in the medical records system.
The initial investigation determined that, at the time of the incident, the relevant files contained names, birthdates, demographic information, social security and Medicare numbers, and diagnosis information. While there is no indication the information accessed without authorization was misused for the purposes of identity theft, consumers are advised to remain vigilant against identity theft and fraud, review their account statements and explanation of benefits forms, and monitor credit reports for suspicious activity or errors.
Under U.S. Law, consumers are entitled to one free credit report annually from the county’s three major credit reporting bureaus by visiting annualcreditreport.com or calling, toll free, 1-877-322-8228. Consumers can also place an initial (one-year) or extended “fraud alert” or “credit freeze” on their credit file at no cost by contacting the credit bureaus listed below. A “credit freeze” prohibits credit bureaus from releasing credit report information without a consumer’s prior authorization to prevent credit, loans and other services from being approved without consent.
Data privacy and security are among Catholic Health’s highest priorities. The health system’s Information Security Office is conducting a thorough review of its application access and processes to prevent similar incidents from occurring in the future. MDS has also taken steps to ensure the individual suspected of this incident no longer has access to these records. For any other questions or concerns, MDS has set up a dedicated assistance line at 1-800-910-2374, available Monday — Friday from 9:00am — 7:00pm, ET.