Catholic Medical Center Suffers Data Breach

Late last month, nearly 2,800 patients at the Manchester Catholic Medical Center ("CMC") may have had their files containing personal and health information exposed in a third-party data security incident. According to a sample breach notification letter, Catholic Medical Center says on March 6, it was notified by Lamont Hanley & Associates Inc. (LH), a vendor that provides the hospital with account receivable management services, that it fell victim to a data breach that potentially affected CMC's clients. 

According to LH, in early March, it discovered one of its employee accounts was accessed by a third party via a phishing attempt on June 20, 2023. Once the incident was detected, LH  secured its system and launched an investigation to determine what information was accessed. As part of its investigation, the vendor recruited the help of an external cybersecurity team. However, they were unable to conclude with one hundred percent certainty that the unauthorized party accessed the data within the breached account.

These results prompted an extensive review of the compromised account, and according to the notice, LH confirmed that the personal information of CMC's clients was, in fact, accessible within the compromised account. Lamont Hanley immediately informed CMC of the breach and the potential data exposure of its 2,792 registered patients. According to the investigation, the private information potentially accessed by the unauthorized hacker included the following:

• Full names
• Social Security numbers
• Dates of birth
• Medical and claim information
• Health insurance information
• Individual identification information
• Financial account information

LH has informed CMC that the individuals affected by the breach will receive notice in the mail. In response to the breach, it has established a dedicated toll-free response line at 1-833-792-8144, available Monday through Friday, 8 a.m. to 8 p.m. The vendor has also announced it will provide free credit monitoring services to those who are eligible.

While the breach did not directly impact Catholic Medical Center's systems, it claims that it maintains an "aggressive cyber security program" out of an abundance of precaution. CMC clients who were notified of the breach are urged to take advantage of the free credit monitoring services provided by LH, as well as take extra precautions to ensure their data is safe.

Under the Fair and Accurate Credit Transactions Act, consumers are entitled to one free credit report annually from each of the three major credit reporting bureaus: Equifax, Experian, and TransUnion. For more frequent credit monitoring, Credit Karma offers customers free daily access to their credit reports, suspicious activity alerts, and other financial protective services. The Fair Credit Reporting Act allows victims of fraud the right to be informed that the information in their credit file has been used against them. 

In the event you should discover suspicious activity on your accounts, you may also contact the Federal Trade Commission, your state's Attorney General's office, or law enforcement to report the incident. Victims of identity theft may also speak with an attorney to evaluate whether or not they may be eligible to file a lawsuit against the companies storing their personal data should they experience a data breach. For more information about how a data breach attorney may be able to help you, complete our free, no-obligation case evaluation form today.