First Choice Community Healthcare, Inc. confirms the data breach affecting patients’ protected health information | Console and Associates, PC

On August 1, 2022, First Choice Community Healthcare, Inc. confirmed that the company suffered a data breach after an unauthorized party gained access to sensitive user data contained within First Choice’s network. According to First Choice, the breach resulted in patient names, Social Security numbers and protected health information being compromised. First Choice recently sent data breach letters to all affected parties informing them of the incident and what they can do to protect themselves from identity theft and other fraud.

If you’ve been notified of a data breach, it’s important to understand what’s at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are after the First Choice Community Healthcare data breach, please see our recent feature on the topic here.

What we know about the First Choice Community Healthcare data breach

According to an official notice filed by the company, on March 27, 2022, First Choice detected unusual activity on its computer system, leading the company to believe it may have been the victim of a cyber attack. In response, First Choice enlisted the help of an independent cybersecurity firm to investigate the incident and determine whether patient data was compromised as a result.

The company’s investigation confirmed that an unauthorized party was able to access and may have removed patients’ personal and protected health information.

Upon discovering that sensitive user data had been accessed by an unauthorized party, First Choice Community Healthcare then reviewed the affected files to determine what information was compromised and which users were affected. The company completed this process on June 3, 2022. Although the information breached varies by individual, it may include your name, Social Security number, First Choice patient identification number, diagnosis and clinical treatment information, medications, dates of service, health insurance information, medical record number, patient account number, date of birth and provider information.

On August 1, 2022, First Choice Community Healthcare sent data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

First Choice Community Healthcare, Inc. is a health system based in Albuquerque, New Mexico. First Choice operates nine facilities in three New Mexico counties, including:

  • Alameda Medical Center

  • Alamosa Medical Center

  • Belen Medical Center

  • Edgewood Medical/Dental Center

  • Los Lunas Medical/Dental Center

  • North Valley Medical Center

  • Rio Grande HS – School Medical Center

  • South Broadway Medical Center

  • South Valley Medical/Dental Center

First Choice Community Healthcare employs more than 435 people and generates approximately $63 million in annual revenue.

Data breaches involving protected health information are on the rise

The First Choice Community Healthcare data breach affected a wide range of patient data, including Social Security numbers, insurance information and other health-related information. Based on the company’s statements in its data breach letter, the information leaked as a result of this breach appears to fall into the category of “protected health information.”

Protected health information is any identifying information that relates to a patient’s health status or how the patient pays for their health care. For example, diagnostic test results, prescription information, and past diagnoses may be considered protected health information. However, this information is considered protected health information only if it contains at least one identifier. An identifier is an additional piece of data that can be used to identify a patient. A few common identifiers include:

  • Biometric identifiers, such as fingerprints;

  • Email addresses;

  • Fax numbers;

  • Full face images or other identifying photos;

  • Geographic identifiers (more specific than the patient’s country of residence);

  • Medical numbers;

  • Patient Account Numbers;

  • Names of patients;

  • Telephone numbers;

  • Social Security Numbers; and

  • Dates of treatment.

Because protected health information is by definition easily associated with a patient, this data can be used by criminals to commit identity theft or other fraud against a patient. While any form of identity theft is serious, healthcare identity theft is often much more difficult to resolve and costs patients far more than other types of data breaches, such as those that only affect their financial information.

One of the reasons healthcare data breaches are so serious is that in addition to the typical risks of fraud and unauthorized transactions, healthcare data breaches can put the physical health of patients at risk. In a typical scenario, a hacker sells a patient’s information to a third party who wants to receive medical treatment but can’t afford it or doesn’t want to pay for it. The third party buys patient data from the hacker and then uses it to obtain medical care on behalf of the victim.

However, in doing so, the false medical information supplied by the third party can be confused with the patient’s own medical information. For example, the third party may give the doctor a list of currently prescribed medications, previous medical procedures, or medications to which they are allergic. This can result in a patient’s medical record containing inaccurate information that can confuse providers, leading to an increased risk of patient harm.

Healthcare data breaches carry very real risks, and those who fall victim to such a breach should be sure they have taken the necessary steps to protect themselves.
