Call Us

Welcome Health Data Breach

Posted on behalf of Arnold Law Firm on September 10, 2024 in Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from Welcome Health, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options or submit a confidential Case Evaluation form here.

On September 6, 2024, Welcome Health filed a notice of data breach with the Attorney General of California. On July 8, 2024, Welcome Health discovered that an unauthorized party gained access to an employee’s email login credentials (“Data Breach”). The subsequent investigation revealed that the Data Breach occurred from June 11 through July 8, 2024, which involved unauthorized access to patients’ and contractors’ Personally Identifiable Information (“PII”) and Protected Health Information (“PHI”).

Upon completing its investigation, Welcome Health has begun sending out notification letters to affected individuals. In the notification, Welcome Health has offered each of the victims a two-year complimentary membership of Experian for credit monitoring and identity theft protection services as a precaution.

Welcome Health has not yet disclosed further details since the Data Breach was only recently announced. If you received a data breach notification letter from Welcome Health, it indicates that you were affected by the Data Breach.

Headquartered in Whittier, California, Welcome Health is a primary care medical group that focuses on providing personalized healthcare for older adults. It offers a range of services, including in-home visits, virtual consultations, and office appointments. Welcome Health operates under the SCAN Group, which also manages SCAN Health Plan—one of the nation’s largest not-for-profit Medicare Advantage plans. As of 2021, the SCAN Group employs approximately 1,465 individuals and reported revenues of about $3.5 billion.

WHAT INFORMATION IS INVOLVED?

According to Welcome Health, the following information was potentially exposed:

  • For Patients:
    • Full names
    • Dates of birth,
    • Patient numbers,
    • Health plan member numbers,
    • Claim numbers,
    • Dates of services,
    • Diagnosis,
    • Treatment information;
  • For Contractors:
    • Full names,
    • Social Security numbers (SSNs),
    • Tax identification numbers (TINs).

This information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity.

Personal medical information (a specific type of PII) is referred to as Protected Health Information (“PHI”). It is protected under both state and federal law. Healthcare providers and other businesses who handle PHI are required to protect that information. Like stolen PII, stolen PHI can be used by identity thieves to engage in fraudulent activity using your identity. Quite often, PII and PHI are used in conjunction by hackers.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible.

NOTICE: If you received a NOTICE OF DATA BREACH letter from Welcome Health, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options or submit a confidential Case Evaluation form here.