DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Family Healthcare notifying patients of November 2022 breach at Brady Martz & Associates

Posted on January 13, 2024 by Dissent

On September 8, Brady Martz & Associates in North Dakota disclosed a data breach in November 2022 that reportedly affected more than 53,000 individuals. Less than two weeks later, at least four lawsuits had been filed against the firm.

Now, four months later, we see a notice from one of their clients:

Family HealthCare was recently informed of a data security breach experienced by its third-party service provider, Brady Martz & Associates PC. Brady Martz provides tax-related services, audit and financial guidance, and bookkeeping and payroll assistance to clients throughout the country and is headquartered in North Dakota. Family HealthCare contracts with Brady Martz for bookkeeping and tax-related services which typically involve Brady Martz’s auditing of Family HealthCare’s patient billing documents.

Brady Martz is notifying, by letter, all impacted individuals to inform them of this incident and to identify the steps that individuals can take to protect themselves from the potential misuse of this information. However, in an effort to encourage our patients to take precautionary steps to protect themselves and their information, we’ve provided more details related to the incident as well as additional resources for your use below.

What Happened and What Information was Involved:

According to Brady Martz, the breach, which occurred on November 19, 2022, was promptly detected and the company immediately took steps to secure its systems and engage independent cybersecurity experts to investigate the incident. Brady Martz reports that its investigation into the incident resulted in a determination that an unauthorized third-party may have accessed and/or acquired files containing certain individuals’ personal information.

The information impacted as a result of the incident included information related to certain employees and patients of Family HealthCare. Notably, this incident did not involve unauthorized access to any of Family HealthCare’s computer systems and did not impact our ability to provide care to patients.

According to Brady Martz, the information potentially accessed during the incident included some or all of the following: patient and/or employee name, date of birth, age, phone number, financial account information, health insurance information, patient account number, Social Security number, and information regarding care received at a Family HealthCare facility.

Read more of Family Healthcare’s notice on their website. Their notice does not mention that Brady Martz appeared to be offering complimentary mitigation services that Family Healthcare patients can access.

Why the Delay?

If abnormal activity was “promptly detected” on November 19, 2022 why did it take Brady Martz until August 2023 to recognize that personal and protected health information was involved and until September 2023 to disclose the breach? And why did it take until January 2024 for Family Healthcare to alert its patients?  Were they notified by Brady Martz in September or were they only notified later? Their submission to HHS has yet to be posted on HHS’s public breach tool.

Inquiries were sent to Brady Martz seeking clarification on the reasons for the delays in disclosure, but no reply was immediately available.

At this point, DataBreaches is unaware of what other clients of Brady Martz were affected.

In terms of litigation, DataBreaches found that all four cases filed in September were consolidated under Quaife v. Brady Martz & Associates, P.C.  At the end of December, Brady Martz moved to have the lawsuits dismissed for lack of jurisdiction and for failure to state a claim. According to their motion, any negligence claim fails, in part, because it was filed by employees of its clients and not the clients. Brady Martz argued that it has no duty of care to the individuals, i.e., they have no business relationship with the plaintiffs.  There has been no response from the plaintiffs as yet.


Related:

  • Two more entities have folded after ransomware attacks
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Premier Health Partners issues a press release about a breach two years ago. Why was this needed now?
  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
  • Global operation targets NoName057(16) pro-Russian cybercrime network in Operation Eastwood
Category: Breach Incidents

Post navigation

← Pharma Giant Alkem Laboratories Faces Security Breach, Rs 52 Crores at Stake
NYS announces $8 Million Penalty Against Genesis Global Trading, Inc. After DFS Investigation Finds Significant Failings in Anti-Money Laundering and Cybersecurity Programs →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
  • BreachForums — the one that went offline in April — reappears with a new founder/owner
  • Fans React After NASCAR Confirms Ransomware Breach
  • Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack (1)
  • Infinite Services notifying employees and patients of limited ransomware attack
  • The safe place for women to talk wasn’t so safe: hackers leak 13,000 user photos and IDs from the Tea app

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.