Recently, Marietta Area Health Care, better known as Memorial Health System, announced that the company suffered a data breach resulting from a malware attack on its computer systems. According to a company press release, on August 14, 2021, Memorial Health System discovered the presence of malware on some of the company’s servers. After conducting a follow-up investigation, the company learned that an unauthorized party had accessed server data relating to 216,478 people.
A data breach occurs when someone, usually a hacker or other criminal actor, breaches a company’s security system and gains access to sensitive consumer information at the company’s location. Often, cybercriminals target a company that they know has weak or outdated data security technology. Once a hacker obtains information through a data breach, they can use that information to commit identity theft or sell the data to the highest bidder on the black market. Regardless of who ends up with a consumer’s sensitive information, those affected by a data breach are much more likely to become victims of identity theft or fall victim to other potentially serious crimes. Given the risks, it is critical that anyone who has received a data breach letter from Memorial Health System takes the necessary steps to protect themselves from data breach risks such as this.
Those affected by the Memorial Health System data breach have reason to be concerned. Since the start of the COVID-19 pandemic, identity theft crimes have become much more common. In many cases, identity thieves obtain the data they need to commit these crimes through a data breach.
Companies like Memorial Health System have a duty to protect consumer data. So, if it appears that your sensitive information was mishandled prior to the data breach, you may be entitled to financial compensation through a data breach class action lawsuit.
Are consumers affected by the Memorial Health System data breach entitled to financial compensation?
When you provided your personal information to Memorial Health System, you believed that the company would take your privacy seriously. Surely, anyone would assume that the company would take every precaution to prevent consumers’ sensitive financial and personal information from ending up in the possession of a potential criminal. However, news of this data breach raises serious questions about the company’s data security measures at the time of the breach and, potentially, the company’s commitment to consumer privacy.
All companies in possession of consumer data have an ethical and legal obligation to keep it confidential. Admittedly, maintaining an adequate data security system is a burden; however, it is a necessary cost of doing business in an environment where hacking and cyberattacks are common. If a company doesn’t take its consumer privacy obligations seriously, it can be held liable through a data breach class action lawsuit. Of course, US data breach laws are complex and news of this data breach is very recent. Thus, there is still no evidence that Memorial Health System was negligent in the way it handled consumer data. However, our data breach lawyers are investigating the breach to determine what legal remedies affected consumers may have against Memorial Health System.
If you have questions about your ability to bring a class action lawsuit against Memorial Health System, it is essential that you contact a data breach lawyer as soon as possible.
What to do if you received a data breach notification from Memorial Health System
If you received a data breach letter from Memorial Health System, it means you were among those whose personal data was compromised during the recent data breach. It also means that a complete stranger may have accessed, viewed and stored your sensitive personal information. While it’s impossible to tell why a hacker wants your information or what they intend to do with it, it’s essential that you remain vigilant to protect yourself by taking the following steps:
- Carefully read the data breach letter sent by Memorial Health System to determine what information about you was accessible;
- Make a copy of the letter for your records;
- Sign up for the free credit monitoring service provided by Memorial Health System;
- Change all your passwords and security questions for all online accounts;
- Enable two-factor or multi-factor authentication, where available;
- Regularly review your credit card and bank account statements for any signs of suspicious activity;
- Monitor your credit report for any unexpected changes that could be a sign of identity theft;
- Contact one of the major credit bureaus to ask them to add a fraud alert to your profile; and
- Notify your banks and credit card companies of the data breach.
About Memorial Health System
Memorial Health System is the trade name used by Marietta Area Health Care. The company operates as a not-for-profit integrated healthcare system. Memorial Health System employs more than 2,700 staff, including 325 providers in 64 clinics, providing a wide range of services, from emergency care and women’s health to cancer treatment and pediatric services. Marietta Area Health Care was founded in Marietta, Ohio in 1984 and generates approximately $490 in annual revenue.
The details of the Memorial Health System consumer data breach
According to the latest data breach letter published by Memorial Health System, on August 14, 2021, the company identified malware on some of the company’s servers. Memorial Health System investigated the incident and determined that from July 10 to or around August 15, 2021, an unauthorized party gained access to some of the company’s electronic files. This triggered a follow-up investigation into the extent of consumer data compromised as a result of the breach. Ultimately, around November 1, 2021, Memorial Health System confirmed that the personal information of over 216,478 individuals was accessed by the unauthorized party during the breach. This information included consumers’ full names and social security numbers.
On or about January 12, 2022, Memorial Health System sent a written notice to all affected parties, advising them of the breach and what they can do to protect themselves. In this communication, Memorial Health System explains that while there is no indication that the unauthorized party used or intends to use any of the data obtained, individuals receiving a data breach letter from Memorial Health Systems are encouraged to watch for identification. flight.
Below is a copy of the initial data breach letter issued by Memorial Health System (the company’s full online notice is available here):
Marietta Area Health Care Inc. dba Memorial Health System (“MHS”) is writing to inform you of an incident that may affect the confidentiality of some of your information. We provide you with an overview of the incident, our response, and steps you can take to better protect yourself, if you wish.
What happened? On August 14, 2021, MHS identified the presence of malware on some servers in our environment. We immediately opened an investigation to determine the nature and extent of the incident and to secure our network. During this investigation, we have determined that an unauthorized actor accessed certain systems on our network on or about July 10, 2021 through August 15, 2021. On or about September 17, 2021, we determined that the unauthorized actor may have accessed or acquired information from systems potentially containing patient information. We then carefully reviewed the contents of the affected systems to determine what sensitive information, if any, might have been compromised. On November 1, 2021, our review confirmed the extent of information at risk and the population potentially impacted. We have worked diligently since then to confirm which patients may be affected, the types of information involved, and the best contact information for the affected population to provide accurate notification. On December 9, 2021, our review determined that protected information about you may have been affected.
What information was involved? We conducted a thorough review of the relevant systems to identify the types of information stored there and to whom it relates. Our review determined that your information was present in the affected systems and it is possible that your information was accessed or acquired by an unauthorized actor. This information includes your . While we have no reason to believe that identity theft or unauthorized use of the information involved has occurred, we wanted to make sure you are aware of this incident.
What we do. MHS has strict security measures in place to protect the information in our possession, and we have worked to add additional technical protections to our environment. Following this incident, we took immediate action to improve the security of our environment and strengthen our security posture.
As an added precaution, we’re also giving you free access to 12 months of identity monitoring services, via Kroll. You will need to activate these services yourself if you wish, as we are unable to activate them on your behalf. Please see the instructions contained in the attached document Steps you can take to help protect your personal information for more information on these services.
What you can do. We encourage you to consult the attached document Steps you can take to help protect your personal information for additional steps you can take and information about what you can do to better protect yourself against the possibility of identity theft and fraud, if you feel it is appropriate to do so. We also encourage you to activate the free identity monitoring services that we offer. We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your Account Statements and Explanation of Benefits and monitoring your free credit reports for suspicious activity and detecting errors within 12 to next 24 months.
For more information. If you have any questions regarding this letter, please call (855) 545-2370 between 9:00 a.m. and 6:30 p.m. Eastern Time, Monday through Friday, excluding major United States holidays.
We sincerely regret any inconvenience or concern this incident may cause.