Share this article on:
Manitowoc, WI-based Forefront Management, LLC and Forefront Dermatology, S.C. discovered on June 4, 2021 that unauthorized individuals had gained access to its network and potentially viewed private and confidential employee and patient information.
The affected systems were immediately taken offline to prevent further unauthorized access and an investigation was launched to determine the nature and scope of the attack. On June 24, 2021, Forefront determined that certain files stored on its network had been accessed and potentially obtained which contained the personal information of a limited number of Forefront employees, including their names and Social Security numbers. The investigation revealed its network was first breached on May 28, 2021 and access remained possible until June 4, 2021.
During the course of the investigation, Forefront determined the unauthorized individual also accessed files that included the personal and protected health information of a limited number of current and former Forefront patients.
Patient information potentially compromised in the attack included names, addresses, dates of birth, patient account numbers, health insurance member ID numbers, medical record numbers, dates of service, provider names, and/or medical and clinical treatment information.
The breach report submitted to the Maine state attorney general indicates 4,431 individuals were affected by the breach, but in a website notice, Forefront Dermatology said, “While the investigation found evidence that only a small number of patients’ information was specifically involved, Forefront Dermatology could not rule out the possibility that files containing other patients’ information may have been subject to unauthorized access.” The breach report submitted to the HHS’ Office for Civil Rights indicates up to 2,413,553 individuals were potentially affected.
While there is no indication that any information in the files has been misused, Forefront is offering affected individuals a complimentary 12-month membership to TransUnion’s myTrueIdentity Credit Monitoring Service. Forefront said it is enhancing its security protocols to help prevent a similar incident from occurring in the future.