CCM Health Network Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from CCM Health, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

stock image: unauthorized users breached protected health informationOn or about June 6, 2024, CCM Health sent a Notice of Data Breach Letter (“Breach Letter”) via mail to victims of the CCM Health data breach informing them that their personal information, Personally Identifiable Information (“PII”) and Protected Health Information (“PHI”), was obtained by unauthorized users who accessed CCM Health’s network (“data breach”) between April 3, 2023, and April 10, 2023.

After CCM Health became aware of the potential unauthorized access to its network, it launched an investigation. The investigation concluded on February 12, 2024, and determined that unauthorized users had accessed and removed files from CCM Health’s network. It took until May 31, 2024, for CCM Health to locate victims’ last known address to provide notice of the data breach. As a result of the data breach, hackers obtained from victims their first and last names, dates of birth, social security numbers, and personal and/or health information.

CCM Health is a healthcare provider that offers an array of health services, including cardiac, oncology, and physical rehabilitation treatments. CCM Health is headquartered in Minnesota and has four locations across the southwest region of the state, employing roughly 60 providers.

Specific numbers are not yet known, but it is likely thousands of people throughout Minnesota and possibly throughout the United States were exposed. If you received a Breach Letter from CCM Health, then you were impacted by the data breach.

CCM Health has offered victims of the data breach one year of free credit monitoring as a precaution.

WHAT INFORMATION IS INVOLVED?

According to CCM Health, the following information was exposed:

  • First and Last Name
  • Date of Birth
  • Social Security Number
  • Medical Information, including:
    • Medical Record Number
    • Patient Account Number
    • Prescription Information
    • Provider’s Name
    • Diagnosis and Diagnosis Code
    • Treatment Type, Location, and Date
    • Admission and Discharge Date
    • Lab Results

This information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity.

Personal medical information (a specific type of PII) is referred to as Protected Health Information (“PHI”). It is protected under both state and federal law. Health care providers and other businesses who handle PHI are required to protect that information. Like stolen PII, stolen PHI can be used by identity thieves to engage in fraudulent activity using your identity. Quite often, PII and PHI are used in conjunction by hackers.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible.

NOTICE: If you received a NOTICE OF DATA BREACH letter from CCM Health, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.