DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CAH Holdings issues notice after employee email accounts compromised

Posted on November 16, 2019 by Dissent

What follows is a somewhat unsatisfactory notice. It does not indicate when the email accounts were compromised. It does not indicate when the firm first discovered it or how they discovered it. It does not indicate how many people are being notified by them. It does not explain to patients why a holdings firm has their information. And it appears that people have to call them to find out if they were impacted? Is the company not mailing any notifications? To say “call us to find out” seems to unfairly shift the responsibility for notification to the patients instead of the firm or any firm they contracted with. But read the notice and see what you think.

BIRMINGHAM, Ala., Nov. 15, 2019 /PRNewswire/ — CAH Holdings Inc. (CAH) recently learned of a data security incident involving some employee email accounts that may have impacted a limited amount of personally identifiable information and protected health information (PHI).

To assist with the investigation, CAH hired independent computer forensic experts to determine what occurred, and what information may be at risk. The forensic investigation determined that an unauthorized actor gained access to some of its corporate email accounts. Unfortunately, the investigators were unable to identify what emails or attachments may have been viewed by the unauthorized actor.

CAH reviewed the contents of the email accounts, and determined that limited information related to names, medical treatment history and diagnoses, and health benefits was contained in the accounts. For a limited number of individuals, addresses, dates of birth, and Social Security numbers were also included.

Although we are not aware of any misuse of any information, as an added precaution, we are offering, at no cost to the individual, credit monitoring and identity theft protection through ID Experts®. This product provides credit monitoring, identity detection, and resolution of identity theft Please note that this offer is available for one-year from the date of enrollment.

CAH has taken steps to prevent this type of incident from happening in the future. These steps include conducting a global password resent, enabling multi-factor authentication, increasing spam filters and hiring a Chief Information Security Officer. We retrained all our employees on cybersecurity and recognizing and responding to suspicious emails. We continually review our training program to ensure it is up to date.

“Our clients’ trust is a top priority for CAH, and we deeply regret any concern this has caused,” said Grantland Rice, CEO of CAH. “The privacy and protection of our customers’ information is a matter we take very seriously, and we are committed to taking steps to prevent this type of incident from occurring in the future.”

We encourage those affected to take full advantage of the services offered through ID Experts®. Recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on a credit file can be found at www.identitytheft.gov.

To determine whether you were affected by this incident, please call 833-953-1522 between 8:00 a.m. and 5:30 p.m. Central Time Monday to Friday.

SOURCE CAH Holdings

No related posts.

Category: Health DataOf NotePhishingSubcontractorU.S.

Post navigation

← Choice Cancer Care Treatment Center notifies patients of May data security incident
TW: Online box office EZding liable for data theft and consequential damages →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.