Hair Free Forever notifies clients/patients that a former employee is misusing their information to recruit patients for another practice

Hair Free Forever (HFF) appears to have suffered an insider-wrongdoing breach involving a now-former employee using patient information to solicit patients for another business.

HFF’s notification letter suggests they are covered by HIPAA.

The number of patients affected by the breach is not disclosed in the template notification letter submitted to the state attorney general’s office, and the incident does not appear on HHS’s public breach tool at this time.

What is somewhat striking about their notification to patients is that they name the former employee and flat-out accuse her of criminal conduct.

You can read the notification letter below. It does not indicate what steps HFF might be taking to prevent a recurrence of this type of breach:

Notice of Data Breach_1

Des Moines Man Charged with Computer Fraud
CrowdStrike catches insider feeding information to ScatteredLapsus$Hunters
Fired techie admits sabotaging ex-employer, causing $862K in damage
Large medical lab in South Africa suffers multiple data breaches
Doctor Alliance Data Breach: 353GB of Patient Files Allegedly Compromised, Ransom Demanded
Army gynecologist took secret videos of patients during intimate exams, lawsuit says

Related: