On May 17, 2022, Covenant Care of California (“Covenant”) reported that another subsidiary was compromised in a phishing incident on the same date as the Wagner Heights incident reported here last week. This time, Rehabfocus Home Health, Inc., the licensee of Focus Health, a home health agency (“Focus Health”) was the source of the data breach.
The breach began on February 24, 2022, the same day that Covenant’s Wager Heights facility was compromised. Covenant reports that a Focus Health employee’s Microsoft 365 email account was breached when a cyber-criminal gained access through a phishing email. Typically, phishing scams trick employees into clicking on a link or attachment containing malware that compromises the employees’ email, or cause employees to reveal their login credentials. Covenant’s Data Breach Notice for this incident does not describe the nature of the phishing scam that compromised its system.
According to the company, the unauthorized access went undetected from February 24-March 4, 2022. Covenant determined that patient records were present in the email account at the time of the compromise.
Covenant is again offering identity monitoring services through Kroll. The notice states that there is a deadline for enrollment for these services.
The full text of a sample of the Covenant Notice of Data Breach can be found here.
“Patient medical records contain some of our most personal information. They deserve to be protected with the utmost care and attention.
Patients and their families have enough to worry about when they are dealing with medical issues. The last thing they should have to think about is whether their confidential medical information is being held securely by their health care providers.”
(April M. Strauss, senior California attorney and Certified Information Privacy Professional, calprivacy.com)
Under the CMIA, if you received a recent Notice of Data Breach from Covenant Care California, you may be entitled to $1,000 and your actual damages resulting from the negligent release of your confidential information. Participants in data breach lawsuits can recover damages, injunctive relief (to make sure that the business has reasonable security practices in place to protect consumer data from being leaked again), and anything else the court concludes is necessary to compensate data breach victims and prevent these harms from reoccurring.
If you received a Data Breach Notice from Covenant Care California, Focus Health, or Wagner Heights Nursing and Rehabilitation Center, and are concerned about this breach of your medical data and what your options are, contact us here.
Confidential • No cost • No obligation