Behavioral healthcare provider, Circles of Care, Inc recently experienced a data breach, according to JD Supra. Circles of Care provides mental health services, including drug and alcohol abuse services, and operates in ten locations across the state of Florida. It is a large organization that employs over 400 people and generates $40 million in annual revenue. Tens of thousands of patients’ data were breached and possibly removed from the server. Find out how Circles of Care could potentially be facing a lawsuit for the recent breach.
Circles of Care. is a behavioral healthcare provider based in Valrico, Florida. The company provides mental health services, alcohol and drug abuse services, and other related services to patients through a variety of hospital-based and state and county-contracted programs.
Quick Overview of Breach
The U.S. Department of Health and Human Services, Office for Civil Rights has received notice that an unauthorized party was able to access and potentially steal patient information from Circles of Care. The breach occurred through the computer network of the organization. An unauthorized party was able to obtain patients’ personal information, including bank and medical information. Circles of Care began sending out letters informing affected individuals of the data breach.
Circles of Care holds an incredible amount of personal and sensitive patient information. This information in the wrong person’s hands could be used to commit identity theft and fraud. Due to this, Circles of Care should be taking the highest level of precaution with their computer systems. The breach could mean that the organization failed to take data security seriously. If it turns out that Circles of Care was negligent, victims could pressure a lawsuit against the company.
The Details Thus Far
All the information known about this breach is from the U.S. Department of Health and Human Services, Office for Civil Rights. The breach was first detected on September 21, 2022, after suspicious activity was detected. Right away, the organization secured its systems and began working with specialists to investigate the incident and find out what patient data was compromised.
An unauthorized actor gained access to the computer network on September 6, 2022. The breach was confirmed on November 29, 2022. Confidential patient information was accessed by an unauthorized actor, and some of these files may have been removed from the server.
Once the breach was discovered, Circles of Care reviewed the affected files to determine what information was compromised and which patients were affected. The breached information varies by the individual affected but includes name, address, bank information such as routing number, and medical information such as provider’s name, service date, and diagnosis.
Most Recent Update
Circle of Care notified individuals affected by the breach on January 3, 2023. The breach affected 61,170 people, as stated by the U.S. Department of Health and Human Services, Office for Civil Rights. Data breaches unfortunately are not uncommon, but having some of the data potentially completely removed and stolen is rare. Circles of Care had flaws in their servers but seemed to handle the breach as quickly as they could, starting an investigation the same day the breach was found. Whether or not this breach occurred due to negligence, we will have to wait and find out.
Resources:
If you want to make sure your practice is HIPAA compliant visit: HIPAA Diagnostic® – $100 Challenge
Source:
Console, Richard Jr. “Circles of Care, Inc. Files Notice af Data Breach Affecting More Than 61K Patients.”JDSupra,13Jan.2023, www.jdsupra.com/legalnews/circles-of-care-inc-files-notice-of-9081492/. Accessed 16 Jan. 2023.
