First Choice Community Healthcare, Inc.  Confirms data breach affects protected patient health information |  Console and Associates, PC

First Choice Community Healthcare, Inc. Confirms data breach affects protected patient health information | Console and Associates, PC

On August 1, 2022, First Choice Community Healthcare, Inc. confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained within First Choice’s network. According to First Choice, the breach resulted in patient names, social security numbers and protected health information being compromised. First Choice recently sent data breach letters to all affected parties informing them of the incident and what they can do to protect themselves from identity theft and other fraud.

If you’ve received a data breach notification, it’s important to understand what’s at stake and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are after the First Choice Community Healthcare data breach, see our recent article on the topic here.

What we know about the First Choice community healthcare data breach

According to an official announcement filed by the company, on March 27, 2022, First Choice discovered unusual activity on its computer system, leading the company to believe it may have been the victim of a cyber attack. In response, First Choice enlisted the help of an independent cybersecurity firm to investigate the incident and determine whether patient data was compromised as a result.

The company’s investigation confirmed that an unauthorized party was able to access, and potentially remove, patients’ personal and protected health information.

After discovering that sensitive consumer data was accessed by an unauthorized party, First Choice Community Healthcare reviewed the affected records to determine what information had been compromised and which consumers were affected. The company completed this process on June 3, 2022. Although breached information varies by individual, it may include your name, social security number, first choice patient ID number, diagnosis and clinical treatment information, medications, dates service, health insurance information, medical record number, patient account number, date of birth and provider information.

On August 1, 2022, First Choice Community Healthcare sent data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

First Choice Community Healthcare, Inc. is a healthcare system based in Albuquerque, New Mexico. First Choice operates nine facilities in three New Mexico counties, including:

  • Alameda Medical Center

  • Alamosa Medical Center

  • Belen Medical Center

  • Edgewood Medical/Dental Center

  • Los Lunas Medical/Dental Center

  • North Valley Medical Center

  • Rio Grande HS – School Based Medical Center

  • South Broadway Medical Center

  • South Valley Medical/Dental Center

First Choice Community Healthcare employs more than 435 people and generates approximately $63 million in annual revenue.

Data breaches involving protected health information are on the rise

The First Choice Community Healthcare data breach affected a wide range of patient data, including social security numbers, insurance information and other healthcare-related information. Based on the company’s statements in the data breach letter, the information leaked as a result of this breach appears to fall under the category of “protected health information.”

Protected health information is any identifying information related to a patient’s health status or how a patient pays for their health care. For example, the results of a diagnostic test, prescription information, and past diagnoses can all be considered protected health information. However, this information is only considered to be are protected health information if it contains at least one identifier. An identifier is an additional piece of data that can be used to identify a patient. Some common identifiers include:

  • Biometric identifiers, such as fingerprints.

  • Email addresses?

  • Fax numbers.

  • Full body images or other photo identification.

  • Geographic identifiers (more specifically from a patient’s state of residence).

  • Medical file numbers.

  • Patient account numbers.

  • Names of patients?

  • Phone numbers?

  • Social Security Numbers; and

  • Dates of treatment.

Because protected health information, by definition, is easily linked to a patient, this data can be used by criminals to commit identity theft or other fraud against a patient. While any form of identity theft is serious, healthcare identity theft is often much more difficult to resolve and has a far greater cost to patients than other types of data breaches, such as those that only affect their financial information.

One reason healthcare data breaches are so serious is that, in addition to the typical risks of fraud and unauthorized transactions, healthcare data breaches can put the physical health of patients at risk. In a typical scenario, a hacker sells a patient’s information to a third party who wants to receive medical care but can’t afford or doesn’t want to pay for it. The third party buys patient data from the hacker and then uses it to obtain medical treatment in the victim’s name.

In doing so, however, the patient’s fake medical information may be mixed with the patient’s medical information. For example, the fake patient could give a doctor a list of their current prescription medications, past medical procedures, or medications to which they are allergic. This can result in a patient’s medical record containing inaccurate information, which can be confusing to providers, leading to an increased risk of patient harm.

Healthcare data breaches pose very real risks, and those who fall victim to such a breach should absolutely take the necessary steps to protect themselves.

Leave a Comment

Your email address will not be published.