As the Internet continues to encompass more and more of our lives, private information pertaining to medical records is getting digitized. In theory, this leads to more convenience for patients and greater clarity of communication among doctors, specialists, hospitals, and other parties involved in patient care.
Unfortunately, online data is never 100% secure. Patients in the Hudson Valley are getting an unfortunate reminder of this in the wake of the Health Quest data breach that compromised patients’ private medical information.
Lower on this page, we discuss the details of this breach and what to do if you have been impacted. O’Connor & Partners, PLLC is here to help if your private information is compromised. Please call us at (845) 303-8777 for a free consultation at one of our offices in the Hudson Valley: Kingston, Newburgh, and Poughkeepsie, New York.
Understanding the Health Quest Data Breach
Health Quest (now part of Nuvance Health via a merger with Western Connecticut Health Network) is a healthcare provider network serving thousands of patients in New York via hospitals, primary and specialty medical practices, imaging, and urgent care facilities. In July 2018, a phishing scam targeted employees of Health Quest.
Duped employees emailed the scammers their usernames and passwords, as well as attachments that gave malicious third parties access to a vast amount of private patient information, including:
- Names
- Dates of birth
- Social Security numbers
- Driver’s license numbers
- Financial and payment information
- Diagnosis and treatment details
- Insurance claims information
Patients affected by the phishing incident visited Health Quest facilities between January and June 2018. All told, this amounts to nearly 29,000 customers.
Health Quest only began to notify patients of the breach in May 2019 – almost a year after the information was compromised. Further investigation of the incident (concluded months later in November 2019) revealed that additional customers may have been affected, with Health Quest-Nuvance Health mailing letters to another group of patients in January 2020.
According to a statement by Health Quest-Nuvance Health, “We have no indication any patient information was viewed by the unauthorized person or has been misused.” Unfortunately, this is no guarantee of safety for patients whose privacy and online security are at stake.
Are You Affected by the Data Breach?
Unlike accident and injury claims, the damage from a data breach can take months if not years to become apparent. The impact, however, can be immense, affecting your ability to find a job, where you live, your ability to qualify for loans, and much more.
Scammers may misuse private information for their own nefarious goals, or they could post it or sell it so other malicious third parties can do with the data what they wish. What, exactly, these purposes are may vary.
Possible outcomes of having your private information stolen include:
- Identity theft
- Hacking attempts on your personal email, online banking accounts, and more
- Credit card fraud
- Opening fake bank accounts in your name
- Scammers may use another patient’s medical information to receive care and avoid any charges
If your credit score inexplicably suffers, you see charges you don’t recognize on your credit card statement, or you receive EOBs or bills for medical services you haven’t received, these are just a few possible signs that someone has stolen and/or misused your private information. It is important to pay attention to credit reports, financial statements, and other communications to ensure your online security.
What’s really frightening about any data breach is the number of people affected. In the case of Health Quest, for example, a scam targeting a community healthcare provider exposed sensitive information for tens of thousands of people.
What Should I Do Now?
If you received a letter from Health Quest and/or Nuvance Health, that means the cybersecurity investigation by Health Quest/Nuvance Health identified your information as potentially compromised in the 2018 phishing event. It is vitally important that you keep this letter and any additional correspondence related to the breach.
The letter helps to establish that you have been affected by the leak of private information. Should you decide to pursue legal action against Health Quest/Nuvance Health, it demonstrates your eligibility for compensation.
You should also be on the lookout for the effects of fraud, identity theft, and other forms of data abuse and misuse. Review your bank account statements, check your credit score, and access your medical records and insurance payments – to name a few. If you have taken any action to rectify the problem, be sure to document that as well. This may include disputing:
- Charges with your bank
- The results of a credit report
- Medical bills for care you didn’t receive
- Unauthorized changes to your username and password on your email, patient portal, and other accounts
- The creation of new online accounts without your knowledge
If you file a claim against Health Quest/Nuvance Health, you will need to prove damages. You may be eligible for compensation for the actual financial losses you have suffered (actual damages), as well as projected future losses (general damages) due to the expected impact of the compromised data.
In addition to civil actions initiated by patients, Health Quest/Nuvance Health may also face investigation for violations of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA establishes patient rights for private health information, including the secure handling of digital data.
Violations of HIPAA are punishable by fines of up to $1.5 million per year. Penalties are assessed by the Office for Civil Rights of the U.S. Department of Health and Human Services.
It is important to note that the fines levied against a healthcare provider for HIPAA violations are not awarded to patients; these are entirely separate from civil cases. However, fines are assessed on a per-violation basis. The fines are intended as a way to prevent healthcare providers from future negligent in the handling of private patient data.
By filing a complaint with the Department of Health and Human Services, you make it possible for negligent healthcare providers and other parties to be penalized for mishandling patient data. These penalties make a big difference in ensuring that providers take better steps to keep consumer information secure.
Contact O’Connor & Partners, PLLC to Build Your Data Breach Case
Many healthcare providers have faced lawsuits due to inadequate security practices. The Health Quest/Nuvance Health breach hits close to home because this is not a third-party company based thousands of miles away – it is a local company right in Hudson Valley that includes hospitals and health centers many of us have visited for years.
If your data was compromised in this phishing scheme, contact O’Connor & Partners, PLLC at (845) 303-8777 for a free consultation in Kingston, Newburgh, or Poughkeepsie. Our attorneys will investigate your case and discuss your options for compensation, including filing a claim against Health Quest/Nuvance Health.