DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Brand New Day notifies 14,005 members after breach at vendor

Posted on March 10, 2017 by Dissent

From their press release of March 10:

Universal Care, Inc. dba Brand New Day (BND) announced today that it has notified individuals related to a privacy incident involving information stored by a third-party vendor. The incident did not involve information that was stored or maintained on BND’s own systems.

On December 28, 2016, BND learned that an unauthorized individual gained access to electronic files stored on computer systems maintained by a third-party vendor that provides patient management software applications to BND and its providers. This incident was reported by BND to law enforcement. Thereafter, law enforcement investigators required that any notification to potentially affected individuals and any public announcement of the incident should be withheld while they were conducting their investigation. Following law enforcement’s permission to notify, BND began this notification as quickly as possible once BND had completed its investigation.

Based on BND’s investigation, it was determined that the files stored by the third-party vendor contained personal information on BND members, including patient names, addresses, phone numbers, dates of birth and Medicare ID numbers. It does not appear that driver’s license numbers or California identification card numbers were involved in the information that was accessed.

BND is committed to the security of all sensitive information maintained by its third-party vendors and is taking this matter very seriously. To help prevent this type of incident from happening again, BND contacted the third party vendor the same day we became aware of the breach to advise them of the breach.  The vendor eliminated the error in their system within hours. BND will also request its third-party vendor to take steps to enhance the security of its systems that maintain BND patient data. As an added precaution, BND is offering 12 free months of identity theft and mitigation services to affected individuals to help prevent and detect misuse of their personal information. To obtain information on how to access these services, please contact the any of the individuals named below.

We regret any inconvenience caused by this incident. We began mailing notification letters to affected individuals on March 9, 2017. If you believe you may be affected and have not received a letter by March 31, 2017, or to obtain information regarding the offer for identity theft and mitigation services or if you need any other information or wish to contact us with concerns, please call us at any of the following numbers, Monday through Friday, 9 a.m. to 7 p.m. PST (closed on U.S. observed holidays):

Jonathan Devin Wheeler, J.D.

Compliance Analyst

P.O. Box 93122

Long Beach, CA 90809-9871

866-255-4795, ext. 4078

Connie Snyder

Compliance Officer

P.O. Box 93122

Long Beach, CA 90809-9871

866-255-4795, ext. 5054

Source: Universal Care, Inc. dba Brand New Day

The incident was reported to HHS on February 10 as affecting 14,005 patients. Because the vendor is not named, it is not known whether any other healthcare entities have also been affected, but in its notification to the California Attorney General’s Office, they offer the following additional details:

A contracting provider was able to access (via a third party vendor system) data containing your name, date of birth, Medicare ID number, address, and phone number. This information should have been available only to your provider.

BND also disclosed in the notification to the AG’s Office that the incident occurred on December 22, 2016.

Category: Health DataSubcontractorU.S.

Post navigation

← Denton Heart Group notifies patients stolen hard drive held 7 years’ worth of PII/PHI
VCU Health System notifies 2,700 of inappropriate access to their medical records →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • ConnectWise suspects cyberattack affecting some ScreenConnect customers was state-sponsored
  • Possible ransomware attack disrupts Maine and New Hampshire Covenant Health locations
  • HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
  • UK: Two NHS trusts hit by cyberattack that exploited Ivanti flaw
  • Update: ALN Medical Management’s Data Breach Total Soars to More than 1.8 Million Patients Affected
  • Russian-linked hackers target UK Defense Ministry while posing as journalists
  • Banks Want SEC to Rescind Cyberattack Disclosure Requirements
  • MathWorks, Creator of MATLAB, Confirms Ransomware Attack
  • Russian hospital programmer gets 14 years for leaking soldier data to Ukraine
  • MSCS board renews contract with PowerSchool while suing them

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Home Pregnancy Test Company Wins Dismissal of Pixel Wiretapping Suit
  • The CCPA emerges as a new legal battleground for web tracking litigation
  • U.S. Spy Agencies Are Getting a One-Stop Shop to Buy Your Most Sensitive Personal Data
  • Period Tracking App Users Win Class Status in Google, Meta Suit
  • AI: the Italian Supervisory Authority fines Luka, the U.S. company behind chatbot “Replika,” 5 Million €
  • D.C. Federal Court Rules Termination of Democrat PCLOB Members Is Unlawful
  • Meta may continue to train AI with user data, German court says

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.