Omni Family Health Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from Omni Family Health, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

On October 4, 2024, Omni Family Health (“Omni”) reported a cybersecurity incident (“Data Breach”) to the United States Department of Health and Human Services (“HHS”). A few days later, on October 10, 2024, Omni submitted an additional report to the Attorney General’s Office in California. The report indicates that on August 7, 2024, Omni discovered claims that information had been extracted from its systems and posted on the dark web. A subsequent investigation found that the information posted on the dark web was related to Omni’s patients and employees and consequently came from Omni’s systems.

Recently, Omni began sending out data breach notification letters to those affected by the Data Breach. Each notification letter includes 12 months of complimentary access to credit monitoring and identity protection services provided by Experian IdentityWorks.

According to Omni’s report to the HHS, approximately 468,344 individuals were impacted by the Data Breach. As the announcement was made only recently, Omni has yet to disclose more details. So far, Omni has disclosed that for the current and former patients of Omni, the information that has been stolen potentially included: name, address, Social Security number, date of birth, health insurance plan information, and medical information. If you received a data breach notification letter from Omni, it indicates that you were affected by the Data Breach.

Founded in 1978 and headquartered in Bakersfield, California, Omni is a comprehensive healthcare provider with a network of state-of-the-art health centers. Omni operates approximately 39 locations across Kern, Kings, Tulare, and Fresno Counties, employing over 200 providers. According to available data, Omni Family Health generates an estimated annual revenue of approximately $150.5 million.

WHAT INFORMATION IS INVOLVED?

Omni has only disclosed very limited information. So far, Omni has disclosed that for its patients, former patients, and those referred to Omni by other medical professionals, the following information is involved in the Data Breach:

• Addresses,
• Social Security numbers,
• Dates of birth,
• Health insurance information,
• Medical information.

This information is referred to as your Personally Identifiable Information (“PII”) and Protected Health Information (“PHI”). It provides critical details about you and is an integral part of your identity, encompassing your most private medical and health data. Businesses are legally required to protect this information, or they risk incurring statutory penalties and other legal repercussions. When PII and PHI are stolen, identity thieves can exploit this information to commit fraudulent activities, such as opening accounts or making purchases in the victim’s name​.

Omni has also disclosed that its current and former employees’ data was also released and published on the dark web due to the Data Breach, but it has not disclosed what data was involved for those persons. We are closely monitoring the ongoing investigation, and more details are expected to emerge as the company is required to notify all impacted individuals. If you received a data breach notification letter or email from Omni, it indicates that your information was compromised in the Data Breach.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. California offers extra protections and legal rights to its residents through the California Confidentiality of Medical Information Act (“CMIA”)

NOTICE: If you received a NOTICE OF DATA BREACH letter from Omni Family Health, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options or submit a confidential Case Evaluation form here.