On August 24, 2022, Gifted Healthcare reported a data breach to several state attorneys general. According to Gifted Healthcare, the breach has resulted in the names, addresses, social security numbers, financial information and medical information of certain individuals being compromised. After the breach was confirmed and all parties involved were identified, Gifted Healthcare started sending letters about data breaches to all parties involved.
If you have been notified of a data breach, it is essential that you understand what is at risk and what you can do about it. For more information on how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are after the Gifted Healthcare data breach, please see our recent piece on the subject. here.
What we know about the data breach in healthcare for the gifted
Information about the Gifted Healthcare data breach comes from official filings with the Attorney General of the State of Montana and Texas. According to the most current information, Gifted Healthcare recently detected suspicious activity with an employee’s email account. In response, the company secured its systems and partnered with outside cybersecurity specialists to investigate the incident.
The company’s investigation found that three employee email accounts were unauthorized between August 25, 2021 and December 10, 2021. The investigation also confirmed that some of the files in the affected employee email accounts contained sensitive information from certain patients.
When Gifted Healthcare discovered that sensitive consumer data could be accessed by an unauthorized party, Gifted Healthcare began reviewing all affected files to determine which information was compromised and which consumers were affected by the incident. Gifted Healthcare completed the review of the files on July 25, 2022. While the information breached varies by individual, it may include your name, address, Social Security number, financial information, and medical information.
On August 24, 2022, Gifted Healthcare sent data breach letters to all individuals whose information has been compromised as a result of the recent data security incident.
Learn more about gifted health care
Founded in 2006, Gifted Healthcare is a healthcare personnel company specializing in providing temporary nurses to healthcare practices across the country. Gifted Healthcare has a primary focus on LTAC solutions for nurses and government contracts. The company also recruits heavily qualified candidates as travel nurses. Gifted Healthcare employs more than 1,994 people and generates annual revenues of approximately $1 billion.
When is a company financially liable for the damage suffered by a victim of a data breach?
The Gifted Healthcare data breach is relatively recent news and more information about the incident is expected to come out in the near future. At this point, however, it appears that Gifted Healthcare’s breach involved unauthorized access to the company’s IT network, giving the unauthorized party access to individuals’ sensitive data.
In a situation like this, it can be difficult to determine whether a company is liable for a data breach, and consumers whose information has been leaked may not know who to turn to.
As a general rule, any company that maintains, stores, transmits or receives consumer data has a legal obligation to the consumer. It is generally irrelevant how the company came into possession of a consumer’s information – the question is whether the party that leaked the information was negligent.
In the context of data breaches, a victim can prove that a company was negligent by demonstrating the following elements:
The organization owed the victim a duty of care;
The organization has violated its duty to the victim;
The organization’s negligence caused or contributed to the victim’s harm (ie, identity theft); and
The victim suffered economic or non-economic injury as a result.
While this may sound simple, it can be challenging to prove these elements, especially when there is a significant delay between the date of the incident and the date the company notified the consumer. While there may be good reasons for a delayed letter about data breaches, companies should generally try to notify affected individuals as soon as possible as this will allow them to take corrective action to reduce the risk of fraud. An experienced data breach attorney can assist victims of the Gifted Healthcare data breach in assessing their options and determining whether they have a legal claim against the company.