Migliaccio & Rathod LLP is currently investigating the Pittsburgh, Pennsylvania-based healthcare company Highmark Health, its marketing vendor Webb-Mason, Inc. (“Webb-Mason”), and Webb-Mason’s printing and mailing services provider the Quantum Group (“Quantum”) for a data breach incident that occurred in or around March of 2022. The incident occurred when the companies discovered that an unauthorized actor had accessed Highmark Health patient information in a cyberattack that targeted patient mailings on Quantum’s computer systems. An investigation into the attack found that the unauthorized actor had gained access to files in a healthcare provider mailing regarding prescription drug changes that contained patient names, Highmark member ID, dates of birth, and prescription information.
Although the companies investigated the incident and determined that patient information had been accessed between August 17 and October 11, 2021, Highmark Health did not announce the incident until March 11, 2022. Due to the lapse in time between the breach and the notice to affected patients, hackers may have already been able to acquire and sell sensitive patient information. In previous data breaches, victims of data theft have been forced to spend money on credit monitoring services or other fraudulent charges. Some individuals affected by the data breach may have noticed one or more of the following types of fraudulent activity related to their healthcare or financial information: unauthorized credit card charges, requests for loans or benefits in a patient’s name without their consent, fake medical procedures ordered, and/or disrupted use of the institution’s website or patient portal.
Are you or have you been a Highmark Health patient who has recently received a data breach notification letter?
If so, we would like to hear from you. Please complete the contact form on this page, send us an email at [email protected], or give us a call at (202) 470-3520.
The lawyers at Migliaccio & Rathod LLP have years of experience in class action litigation against large corporations, including in cases involving data breaches. More information about our current cases and investigations is available on our blog.