Discovery at Home provides senior home healthcare services to seniors in Florida and Texas. On July 31, they issued a website notice about a phishing incident they discovered on June 1. As they describe it, the scheme resulted in the transmittal of personal health information to an unauthorized third-party sender.
Elements of personal information that may have been compromised included: name, address, date of birth, medical information, including dates of service, certain treatment-related information, health insurance information, insurance beneficiary number, claim number, and policy number.
See their website notice for information on who to contact for any questions.
Based on their website description, DAH would be a HIPAA-covered entity for the outpatient Medicare-covered or health insurance-covered services they offer and in-home health services that are covered by Medicare. This incident has not yet appeared on HHS’s public breach tool, however, so we do not yet know the total number of patients affected.