The breach targeted an archive of emergency patients' data maintained by Transformative Healthcare, Fallon's parent company. Compliance with legal obligations led Fallon to maintain an archived copy of data after closure.
Representatives of Fallon secured the archive and initiated a comprehensive investigation with third-party specialists to address the unauthorized access.
According to a letter sent by Fallon to the state of Maine, where it had operated as well, “After an extensive review of the event, Fallon identified that the activity appears to have occurred as early as February 17, 2023 through April 22, 2023 and that files were obtained by an unauthorized party that may have contained personal information the breach exposed personal information, including names, addresses, Social Security numbers, and detailed medical records.”
The investigation was completed on December 27, 2023.
As affected individuals grapple with potential consequences, questions arise about the responsibility of companies to secure archived data. This incident serves as a cautionary tale for the healthcare industry, emphasizing the need for robust cybersecurity measures. It urges affected individuals to monitor accounts closely and highlights the broader need for the healthcare sector to prioritize and invest in continuous cybersecurity efforts to prevent such breaches in the future.