DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

FL: Comprehensive Health Services discloses breach first detected this past September

Posted on February 12, 2022 by Dissent

Update: This incident was subsequently reported to the Maine Attorney General’s Office on February 15 as impacting a total of  94,449 people.

Original post:

In January, DataBreaches.net noted a report to the Massachusetts Attorney General’s Office that involved Comprehensive Health Services (CHS), a business associate providing occupational health services to clients’ employees. The breach was not reported on this site at that time because we anticipated more reports or a press release. That happened this week, but in comparing this week’s notification to the January report to Massachusetts involving Anchor QEA, LLC, it appeared that the notification to Anchor QEA contained details not included in their press release yesterday concerning steps CHS took following the breach. Specifically, the January notification letter included: 

What We Are Doing: In addition to taking immediate action upon learning of the attack, the Company implemented additional corrective actions as recommended by the forensic review team during its investigation. We have invested in enhanced network security measures, including: 1) purchasing a new suite of endpoint detection and response tools, and installing this software on all servers and endpoints on the network enterprise; 2) replacing our previous threat detection and monitoring surveillance vendor; 3) adding capabilities for extended detection and response to future attempted network intrusions; and 4) conducting network penetration testing.

Additionally, while the notification template submitted to Massachusetts contains an offer of mitigation services, there is no mention of that in the public press release or the notice on CHS’s website. Only those reading the actual notification might become aware of the offer. From the Massachusetts notification:

In order to help relieve concerns over possible identity theft as a result of this incident, and to restore confidence following this incident, we are offering you complimentary identity protection services through <redacted>, a leader in risk mitigation and response. These services include 24 months of credit monitoring, dark web monitoring, a $1,000,000 identity fraud loss reimbursement policy, and fully-managed identity theft recovery services.

This incident has not yet shown up on HHS’s public breach tool, so this post will eventually be updated with a note about how many patients may have been impacted.  For now, here is CHS’s press release issued yesterday:


CAPE CANAVERAL, Fla. Feb. 11, 2022  /PRNewswire/ — On September 30, 2020, Comprehensive Health Services (“CHS”) detected unusual activity within its digital environment following discovery of fraudulent wire transfers. In response, CHS took immediate steps to secure its digital environment and promptly launched an investigation. In so doing, CHS engaged independent digital forensics and incident response experts to determine what happened and to identify any information that may have been accessed or acquired without authorization as a result. On  November 3, 2021 , CHS learned that certain personal information may have been impacted in connection with the incident. CHS then worked diligently to identify address information required to effectuate notification.

There is no evidence of the misuse of any information potentially involved in this incident.  However, on January 20, 2022, and  February 14, 2022, CHS sent notification letters to the individuals whose personal information was potentially involved in this incident for whom CHS had identifiable address information providing them information about what happened and steps they can take to protect their personal information.

Based on the investigation of the incident, the following personal information may have been involved in the incident: name, date of birth, and / or Social Security number.

CHS takes the security of all information within its possession very seriously and is taking steps to prevent a similar event from occurring in the future, including investing in enhanced security measures.

CHS has established a toll-free call center to answer questions about the incident and related concerns. The call center is available Monday through Friday from  8:00 A.M. to 8:00 P.M. Central Time, Monday through Friday (excluding holidays) and can be reached at 1-800-741-0381.

The security of information is our top priority at CHS, and we are committed to safeguarding data and privacy. We deeply regret any worry or inconvenience that this matter may cause.

CHS has also posted substitute notice to its website providing individuals for whom addresses could not be located with information about the incident.

Cision View original content:https://www.prnewswire.com/news-releases/notice-of-data-security-incident-301481106.html

SOURCE Comprehensive Health Services

No related posts.

Category: Breach IncidentsHealth DataSubcontractorU.S.

Post navigation

← Croatian phone carrier A1 Hrvatska discloses data breach
FL: Jackson County Hospital District notifying patients of data breach →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.