Call Us

Carespring Health Care Management Data Breach

Posted on behalf of Arnold Law Firm on September 12, 2024 in Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from Carespring Health Care Management Data Breach, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

On August 15, 2023, Carespring Health Care Management LLC (“Carespring”) first reported a data breach to the Maine Attorney General’s Office, followed by an additional report on September 9, 2024. Between October 12 and October 30, 2023, Carespring experienced a cybersecurity incident (“Data Breach”) during which sensitive and confidential information was accessed, viewed, and obtained by an unauthorized third party.

Recently, Carespring has begun mailing notification letters to affected individuals. These letters should provide victims with a list of what information belonging to them was compromised. In the notification, Carespring has also offered victims complimentary access to Kroll’s credit monitoring for 12 months.

As the Data Breach was only recently announced, Carespring has not yet disclosed further details. If you received a data breach notification letter from Carespring, it indicates that you were affected by the Data Breach.

Founded in 1997, Carespring is a company that provides a range of healthcare services, primarily focusing on senior care and rehabilitation. Headquartered in Loveland, Ohio, Carespring operates multiple facilities across the Cincinnati, Dayton, and Northern Kentucky areas, offering services such as skilled nursing, independent living, assisted living, memory care, and rehabilitation. With about 450 employees, Carespring is estimated to generate between $100 million to $500 million annually.

WHAT INFORMATION IS INVOLVED?

The exact nature of the data accessed varies by individual, but the type of information potentially compromised includes:

  • First and last names,
  • Addresses,
  • Dates of birth,
  • Social Security numbers,
  • Driver’s license numbers,
  • Medical diagnosis,
  • Treatment information,
  • Health insurance information,
  • Other.

This information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity.

Personal medical information (a specific type of PII) is referred to as Protected Health Information (“PHI”). It is protected under both state and federal law. Healthcare providers and other businesses that handle PHI are required to protect that information. Like stolen PII, stolen PHI can be used by identity thieves to engage in fraudulent activity using your identity. Quite often, PII and PHI are used in conjunction by hackers.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible.

NOTICE: If you received a NOTICE OF DATA BREACH letter from Carespring Health Care Management, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options or submit a confidential Case Evaluation form here.