MEDNAX Services, Inc. is a large health care organization that partners with hospitals, health systems and health care facilities throughout the United States to offer clinical services spanning the continuum of care, as well as revenue cycle management, patient engagement and perioperative improvement consulting solutions. It focuses on neonatal, maternal-fetal and pediatric physician subspecialty services.
On June 19, 2020, MEDNAX discovered that an unauthorized third party gained access to certain Microsoft Office 365-hosted MEDNAX business email accounts after multiple MEDNAX employees responded to email phishing attempts by hackers. The unauthorized access to MEDNAX’s accounts took place between June 17, 2020 and June 22, 2020.
MEDNAX did not begin notifying victims of the breach until December of 2020. A copy of a sample notification letter provided to individuals whose data may have been compromised can be found here.
What data was compromised in the breach?
It has been reported that this breach may have exposed the sensitive personal, financial, and health data of over 1.2 million people.
So far, the data believed to have been exposed in the breach includes:
(1) patient contact information (such as patient name, guarantor name, address, email address, and date of birth);
(2) Social Security number, driver’s license number, state identification number, and/or financial account information;
(3) health insurance information (payor name, payor contract dates, policy information including type and deductible amount and subscriber/Medicare/Medicaid number);
(4) medical and/or treatment information (dates of service, location, services requested or procedures performed, diagnosis, prescription information, physician names, and Medical Record Numbers); and
(5) billing and claims information (invoices, submitted claims and appeals, and patient account identifiers used by your provider).
What if I think my data may have been exposed or I received a notification about the data breach?
If you received a notification letter or believe that you or a loved one’s data was exposed in the breach and would like to have a free, confidential consultation with an attorney to learn more about your rights and potential legal remedies, please contact Markovits, Stock & DeMarco at (513) 651-3700, email us at [email protected], or submit a Case Evaluation request through the form below.