DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CBIZ KA Notice of Data Privacy Incident (Prime Healthcare)

Posted on December 6, 2023 by Dissent

CBIZ KA, a third-party vendor for Prime Healthcare (Prime), discovered a security incident involving CBIZ’s use of MOVEit Transfer software, which has recently reported a security vulnerability. Prime takes the responsibility of safeguarding your information very seriously, and while Prime systems were not involved in the incident, CBIZ KA uses MOVEit Transfer to securely transfer data files in the normal course of business.

CBIZ KA promptly launched an investigation, with the assistance of cybersecurity professionals, into the nature and scope of the MOVEit vulnerability. On September 20, 2023 CBIZ KA sent Prime Healthcare the files of its patients involved, which contained the name and one or more of the following for certain patients: date of birth, address, medical record number, Social Security Number, admission date, and discharge date.

The identified vulnerability on the MOVEit Transfer server has been patched. CBIZ KA also reviewed the protocols in place with vendors to help prevent something like this from happening again.

For eligible individuals whose Social Security numbers may have been involved in the incident, CBIZ KA is offering complimentary credit monitoring and identity protection services through Kroll. If you believe you are affected by this incident and do not receive a notice letter by Wednesday, December 13th, please call (866) 547-6909, Monday through Friday, between 9:00 a.m. to 6:30 p.m. Eastern Time (excluding major U.S. holidays).

Source: Saint Michael’s Medical Center, December 4

NOTE:

DataBreaches contacted Prime Healthcare to inquire how many of their hospitals and locations were affected.  Elizabeth Nikels Prime Healthcare Vice President, Communications and Public Relations responded that nine of the Prime hospitals were affected by their vendor’s breach. None of the facilities use MOVEit, but their vendor does. Prime Healthcare has 45 hospitals and more than 300 outpatient locations in 14 states.  In addition to Saint Michael’s Medical Center, Roxborough Memorial Hospital,  Garden City Hospital, Landmark Medical Center, Lower Bucks Hospital, Saint Clare’s Hospital, Lake Huron Medical Center, St. Mary’s General Hospital, and Suburban Community Hospital.

Category: Breach IncidentsHackHealth DataSubcontractorU.S.

Post navigation

← Seeking clarification on Maine’s data breach notification statute
Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme
  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach
  • ‘Deep concern’ for domestic abuse survivors as cybercriminals expected to publish confidential abuse survivors’ addresses

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.