  • April M Strauss

Covenant Care California’s Wagner Heights Nursing and Rehab Center Reports Data Breach




On May 6, 2022, Covenant Care California, LLC (“Covenant”) reported a data breach to the Department of Health and Human Services. The data breach is the result of a phishing incident at Wagner Heights Nursing and Rehabilitation Center, located in Stockton, California.


Over 4,600 people were affected by the incident, which was also reported to the California Attorney General’s Office. According to Covenant’s Data Breach Notice, an employee at Wagner Heights had “suspicious activity” in her work email account that turned out to be the result of a successful phishing email. (A phishing email is a fraudulent email designed to infect computer systems or trick the recipient into revealing sensitive information.)


After investigation, on April 18, 2022, Covenant determined that patient records were contained in the compromised email account at the time of the breach. Affected patients have been notified and offered complimentary identity monitoring services.


A sample Covenant Data Breach Notice can be found here.


If you or a family member have received a Covenant Care Data Breach Notice about this incident and would like to know what your options are, click here.


Covenant Care Reported a Similar Data Breach in 2019

This is not Covenant’s first reported data breach. In fact, Covenant reported a similar data breach in 2019 that compromised detailed patient information. In that breach, Covenant determined that, from January 22, 2019 to January 29, 2019, an “unauthorized actor was able to login to the email account leveraging compromised user credentials.”


Medical Facilities, Like Wagner Heights Nursing and Rehabilitation Center, Must Be Especially Careful to Protect Their Vulnerable Populations from Cyber Theft


For the last few years, cyber-criminals have repeatedly targeted healthcare providers and health plans, using phishing as a way of improperly accessing sensitive data like medical information. When businesses possess confidential medical data, it is vital that they maintain it with the utmost care and security in mind.


Our senior citizens, and their families, deserve the highest standard of care when they entrust their confidential medical records to assisted living facilities, nursing homes and rehabilitation centers.
It is exceedingly difficult for elderly citizens in care facilities (and their loved ones) to keep watch over valuable medical and financial data to ensure that, in the event of a cybercrime, the information isn’t being used to fraudulently receive expensive medical care using stolen credentials.

(April M. Strauss, California privacy attorney and Certified Information Privacy Professional)


Since patient records encompass such personal and revealing information, they are highly valued as a gateway to medical identity theft and more general identity theft. Medical information has been found to command up to $1,000 per individual record on the dark web. Thus, organizations such as Covenant Care California, who are entrusted with this most sensitive and valuable data, have a duty to take special care to maintain up-to-date information security practices and keep apprised of industry-related threats as they arise.


Health-related data “are more sensitive than other types of data because any data tampering can lead to faulty treatment, with fatal and irreversible losses to patients. Hence, healthcare data need enhanced security, and should be breach-proof.” (Seh AH, et al., Healthcare Data Breaches: Insights and Implications. Healthcare. 2020; 8(2):133.)


California Privacy Laws Protect You


If you, or your loved one, are a California resident, several laws, including the California Confidentiality of Medical Information Act (CMIA), require that every health care provider who maintains medical information do so in a manner that reasonably preserves its confidentiality. Under the CMIA, if you received a recent Notice of Data Breach from Covenant Care California, you may be entitled to $1,000 and your actual damages resulting from the negligent release of your confidential information.


Participants in data breach lawsuits can recover damages, injunctive relief (to make sure that the business has reasonable security practices in place to protect consumer data from being leaked again), and anything else the court concludes is necessary to compensate data breach victims and prevent these harms from reoccurring.


We Can Help You Exercise Your CMIA Rights


Every case is unique. Even when data has been part of a breach, despite the provisions of the CMIA, compensation may not be awarded. Experienced data breach and class action attorneys can help you exercise your rights, evaluate your options, and decide whether you, or a loved one, are entitled to compensation. There are no out of pocket costs to you. We only get paid if we prevail.


If you, or a family member, received a Data Breach Notice from Covenant Care California and are concerned about this breach of personal medical data and what your options are, click here to contact us.


Confidential • No cost • No obligation