More Than 585,000 Individuals Affected by Designed Receivable Solutions Data Breach
The Cypress, CA-based revenue cycle management company, Designed Receivable Solutions (DRS), has recently confirmed the details of a data breach that was reported to the HHS’ Office for Civil Rights on March 23, 2024, as involving the protected health information of 129,584 individuals, and the Maine Attorney General as affecting 498,686 individuals. In an updated breach report sent to the Mane Attorney General, Designed Receivable Solutions has increased the total number of individuals affected to 585,204.
On January 22, 2024, DRS identified suspicious activity within its network. Third-party cybersecurity specialists were engaged to investigate the incident and determine the cause of the activity. The investigation confirmed that an unauthorized actor accessed its systems on January 18, 2024, and viewed and exfiltrated files from its systems. On March 8, 2024, after a time-consuming and detailed review of the files, DRS confirmed that they contained the personal and protected health information of current and former patients of its healthcare clients.
Following that determination, DRS has been working with the affected clients to review and verify the affected information and obtain up-to-date contact information to allow notification letters to be issued. DRS said the types of data involved varied from individual to individual and may have included names, addresses, dates of birth, health insurance information, dates of service, and Social Security numbers. DRS has reviewed its policies and procedures related to data privacy and is taking steps to reduce the risk of a similar incident in the future and has offered the affected individuals complimentary credit monitoring services.
As OCR recently confirmed in a website Q&A regarding breach notification letters, HIPAA-covered entities are ultimately responsible for ensuring notification letters are sent to the affected individuals when there is a data breach at a business associate, but the covered entity may delegate the responsibility of providing individual notices to the business associate.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
DRS is issuing notification letters on behalf of the following covered entity clients:
- Air Methods
- AMG Healthcare Management Services
- CAN Emergency Physicians
- Cedars-Sinai Medical Center
- CHA Hollywood Presbyterian Medical Center, L.P.
- Core Orthopaedics Medical Center
- GEM Physicians Group
- Marshall Medical Center
- OptumCare Management, LLC
- Redlands Community Hospital
- Ridgecrest Regional Hospital
- South Coast ER Medical Group
- Southland Medical Corporation
- Springhill Emergency Physicians
- Sycamore Physicians, LLC
- USC Arcadia Hospital (formerly Methodist Hospital of Southern California)
- Valkyrie Clinical Trials, Inc.
