Professional healthcare management notifies stakeholders of a data security incident
MEMPHIS – (COMMERCIAL THREAD) – Professional Healthcare Management, Inc. (“PHM”)1, located in Memphis, Tennessee, today announced that it has recently become aware of a data privacy incident affecting its servers, which contained protected information about the health and personal information of certain customers and employees of PHM. PHM is a company which mainly operates in the home health care service industry and provides related health care services. PHM is committed to keeping the community informed, communicating about the steps they are taking towards resolution, and ensuring those affected have the tools they need to minimize the impact of the incident.
On September 14, 2021, PHM discovered that it was the victim of a sophisticated ransomware attack. After discovering the incident, PHM quickly took action to secure and safely restore its systems and operations. In addition, PHM immediately engaged third party forensic and incident response experts to conduct a thorough investigation into the nature and scope of the incident and to assist with remediation efforts. PHM’s investigation is ongoing, but after performing a full review of the affected data, PHM believes it may contain protected health information.
PHM notifies those potentially affected by this incident by mail (if possible) and provides measures that can be taken to protect their information, including free identity protection and monitoring services. PHM recommends that these individuals sign up for the services provided and follow the recommendations contained in the notification letter in order to increase the likelihood that their information will remain protected. As of the date of this release, PHM has no evidence to indicate misuse of the information. Notification to those potentially affected by this incident is done as a precaution and in accordance with the organization’s obligations under the Health Insurance Portability and Accountability Act (HIPAA).
Additionally, after reviewing potentially affected protected health and personal information, the MPS determined that it could include first and last name, social security number, health insurance information (Medicaid number, Medicare number, and insurance identification number), the name of the prescription and the diagnosis. codes). Again, as noted above, it’s important to note that PHM has no evidence of any misuse of information as of the date of this posting.
In response to this incident, PHM is implementing additional cybersecurity security measures, improving its cybersecurity policies, procedures and protocols, and implementing additional cybersecurity training for employees.
“We take the security and privacy of the information in our systems very seriously. In addition, we were shocked to discover that we were among the thousands of victims of this type of cyberattack, âsaid Amanda Egner, CIO of PHM. “We are fully committed to protecting the information on our systems and sincerely regret the concerns and inconvenience caused by this event. We thank the community, our employees, patients and partners for their support during this event. ”
As a precautionary measure, PHM recommends that individuals remain vigilant by carefully reviewing their account statements and credit reports. If suspicious activity is detected, PHM strongly advises the account holder to promptly notify the financial institution or company that manages the account. Additionally, individuals should promptly report any fraudulent activity or suspected incidence of identity theft to law enforcement authorities, including their state attorney general and the Federal Trade Commission (FTC). To file a complaint or to contact the FTC, you may (1) send a letter to Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580; (2) go to IdentityTheft.gov/databreach; or (3) dial 1-877-ID-THEFT (877-438-4338). Complaints filed with the FTC will be added to the FTC’s Identity Theft Data Clearinghouse, a database made available to law enforcement agencies.
For more information on identity theft protection tips, please visit www.qualityfirsthc.com, www.volunteerhomecare.com or www.affinityhospice.net.
For those looking for more information or have questions, please call the dedicated toll-free helpline specially set up for this purpose at 1-833-760-0502, Monday to Friday, 8:00 a.m. to 8:00 p.m. (EST). In addition, those wishing to contact PHM directly can write to Professional Healthcare Management, 7900 Players Forest Drive, Memphis, TN 38119.
1 Professional Healthcare Management, Inc. is a management company that manages (or previously managed) five healthcare entities (Volunteer Home Care Inc.; Volunteer Home Care of West TN., Inc.; Volunteer Home Care of Middle TN., Inc., which also operates as Quality First Home Care, Springhill Home Health and Hospice, and Affinity Health Care).