Data Breach Investigation of Leaked Ciox Health Patient Information

Migliaccio & Rathod LLP is currently investigating the Alpharetta, Georgia-based healthcare information management vendor Ciox Health for failing to safeguard sensitive patient information in a data breach that occurred in September of 2021. The data breach was caused by unauthorized access to an employee’s email account that allowed hackers to access patient information related to billing inquiries and customer service requests at a number of healthcare provider facilities that use Ciox Health Services. Examples of the types of data exposed in the leak include names, dates of birth, addresses, social security numbers, medical records, lab results, diagnoses, medications, health insurance information, and dates of services.

Some of the healthcare provider clients that have been affected by the Ciox data breach include:

• AdventHealth – Orlando
• Alabama Orthopaedic Specialists
• Baptist Memorial Health Care
• Butler Health Systems
• Cameron Memorial Community Hospital
• Centra Health
• Children’s Healthcare of Atlanta
• Coastal Family Health Center
• Copley Hospital
• DeSoto Memorial Hospital Health System
• EvergreenHealth
• Hoag Health System
• Hospital Sisters Health System
• Huntsville Hospital Health System
• Indiana University Health
• McLeod Health System
• MD Partners
• Niagara Falls Memorial Medical Center Health System
• Northern Light Mercy Hospital
• Northwestern Medicine
• Ohio State University Health System
• OrthoConnecticut
• Prisma Health – Greenville Health System
• Prisma Health – Palmetto Health
• Sarasota County Public Hospital District d/b/a Sarasota Memorial Health Care System
• Trinity Health – Holy Cross Hospital
• Trinity Health – Mount Carmel Health System
• Trinity Health – Saint Alphonsus Health System
• Trinity Health – St. Francis Medical Center
• Trinity Health – St. Joseph Mercy Health System
• Union Hospital Healthcare System
• Women’s Health Specialist

When cybercriminals target healthcare providers, these unauthorized actors can steal and sell patient information such as personal identifiers, insurance information, social security numbers, and other important data. In previous data breaches, for example, patients who have had their information stolen have had to spend money out of pocket for identity theft monitoring or other fraudulent charges. Some individuals may have noticed the following types of fraudulent activity: suspicious credit card charges, requests for financial services or loans in their name, medical procedures ordered without their knowledge, and/or disrupted patient care.

Are you or have you been a patient at a healthcare provider facility that uses Ciox Health information management services who has received a data breach notification letter in the past year?

If so, we would like to hear from you. Please complete the questionnaire below, send us an email at [email protected], or give us a call at (202) 470-3520.

The lawyers at Migliaccio & Rathod LLP have years of experience in class action litigation against large corporations, including in cases involving data breaches. More information about our current cases and investigations is available on our blog.