DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CAH Holdings issues notice after employee email accounts compromised

Posted on November 16, 2019 by Dissent

What follows is a somewhat unsatisfactory notice. It does not indicate when the email accounts were compromised. It does not indicate when the firm first discovered it or how they discovered it. It does not indicate how many people are being notified by them. It does not explain to patients why a holdings firm has their information. And it appears that people have to call them to find out if they were impacted? Is the company not mailing any notifications? To say “call us to find out” seems to unfairly shift the responsibility for notification to the patients instead of the firm or any firm they contracted with. But read the notice and see what you think.

BIRMINGHAM, Ala., Nov. 15, 2019 /PRNewswire/ — CAH Holdings Inc. (CAH) recently learned of a data security incident involving some employee email accounts that may have impacted a limited amount of personally identifiable information and protected health information (PHI).

To assist with the investigation, CAH hired independent computer forensic experts to determine what occurred, and what information may be at risk. The forensic investigation determined that an unauthorized actor gained access to some of its corporate email accounts. Unfortunately, the investigators were unable to identify what emails or attachments may have been viewed by the unauthorized actor.

CAH reviewed the contents of the email accounts, and determined that limited information related to names, medical treatment history and diagnoses, and health benefits was contained in the accounts. For a limited number of individuals, addresses, dates of birth, and Social Security numbers were also included.

Although we are not aware of any misuse of any information, as an added precaution, we are offering, at no cost to the individual, credit monitoring and identity theft protection through ID Experts®. This product provides credit monitoring, identity detection, and resolution of identity theft Please note that this offer is available for one-year from the date of enrollment.

CAH has taken steps to prevent this type of incident from happening in the future. These steps include conducting a global password resent, enabling multi-factor authentication, increasing spam filters and hiring a Chief Information Security Officer. We retrained all our employees on cybersecurity and recognizing and responding to suspicious emails. We continually review our training program to ensure it is up to date.

“Our clients’ trust is a top priority for CAH, and we deeply regret any concern this has caused,” said Grantland Rice, CEO of CAH. “The privacy and protection of our customers’ information is a matter we take very seriously, and we are committed to taking steps to prevent this type of incident from occurring in the future.”

We encourage those affected to take full advantage of the services offered through ID Experts®. Recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on a credit file can be found at www.identitytheft.gov.

To determine whether you were affected by this incident, please call 833-953-1522 between 8:00 a.m. and 5:30 p.m. Central Time Monday to Friday.

SOURCE CAH Holdings

Category: Health DataOf NotePhishingSubcontractorU.S.

Post navigation

← Choice Cancer Care Treatment Center notifies patients of May data security incident
TW: Online box office EZding liable for data theft and consequential damages →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.