Hair Free Forever (HFF) appears to have suffered an insider-wrongdoing breach involving a now-former employee using patient information to solicit patients for another business.
HFF’s notification letter suggests they are covered by HIPAA.
The number of patients affected by the breach is not disclosed in the template notification letter submitted to the state attorney general’s office, and the incident does not appear on HHS’s public breach tool at this time.
What is somewhat striking about their notification to patients is that they name the former employee and flat-out accuse her of criminal conduct.
You can read the notification letter below. It does not indicate what steps HFF might be taking to prevent a recurrence of this type of breach:
Notice of Data Breach_1