General Practitioner PC Warns Patients of Data Leak About Their SSNs and Protected Health Information | Console and Associates, PC

On October 4, 2024, General Physician, PC (“GPPC”) filed a data breach notice with the US Department of Health and Human Services’ Office for Civil Rights after discovering that an unauthorized party could access the company email account. In this notice, GPPC explains that the incident resulted in an unauthorized party being able to access sensitive consumer information, including their names, addresses, Social Security numbers, financial account information, dates of birth, information medical and health insurance information. After completing its investigation, GPPC began sending data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you have received a data breach notification from the GP, PC, it is essential that you understand what is at risk and what you can do about it. A data breach attorney can help you learn more about how to protect yourself from being a victim of fraud or identity theft, as well as discuss your legal options after a general practitioner data breach. For more information, see our recent article on the topic here.

What caused the GP data breach?

The GP data breach was only recently announced and more information is expected in the near future. However, GPPC’s filing with the US Department of Health and Human Services’ Office for Civil Rights provides important information about what led to the breach. GPPC also posted a notice on the website providing additional details about the incident.

According to these sources, on June 12, 2024, GPPC detected unusual activity within its email environment. In response, GPPC launched an investigation with the help of third-party cybersecurity experts to learn more about the incident and what, if any, confidential information may have been exposed.

On 6 August 2024, GPPC’s investigation confirmed that there was unauthorized access to a GPPC email account beginning on 6 April 2024 and ending on 12 June 2024. During this period , the unauthorized party was able to access and copy certain information within the affected email account.

After learning that sensitive consumer data was accessible to an unauthorized party, General Physician reviewed the compromised files to determine what information was leaked and which consumers were affected. GPPC recently completed this process, and while the breached information varies by individual, it may include your name, address, Social Security number, financial account information, date of birth, medical information, and medical insurance

On October 4, 2024, General Physician notified the Office of Civil Rights of the US Department of Health and Human Services of the breach. The following week, on October 15, 2024, GPPC posted a notice on the website. In this notice, GPPC notes that it plans to send data breach letters to anyone affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More information about General Physician, PC

Founded in 2012, General Physician, PC is a healthcare provider based in Dunkirk, New York. GPPC operates a large network of healthcare providers and facilities in Western New York. The company is also affiliated with OBGYN Associates of Western New York, Great Lakes Cardiovascular, Queen City OBGYN and Great Lakes Cancer Care Collaborative. General Physician employs more than 513 people and generates annual revenue of approximately $78 million.