Healthcare provider Omni Family Health manages facilities located in Kern, Kings, Tulare, and Fresno counties in California. The company notified patients and staff members concerning the possible theft of their protected health information (PHI) during a cyberattack. On August 7, 2024, the company found out from reports that a cybercriminal published the stolen data from its system on the dark web. Investigation of the incident confirmed that the leaked information involved the patients and employees of Omni Family Health.
The breach seems to be associated with a cyberattack that happened in February 2024, which resulted in the outage of Omni’s systems for 5 days. Back then, the provider took immediate steps to prevent further unauthorized access and made an investigation that didn’t indicate any personal data breaches at first. But recent information suggests that the dark web data leak could be associated with that previous cyberattack, although there is no confirmed connection yet.
The types of breached data differ from one person to another. The data of current and past patients like names, addresses, dates of birth, Social Security numbers, health insurance info, and medical documents might have been stolen. Information of employees that could have been impacted in the breach may include names, addresses, dates of birth, Social Security numbers, health information, and health insurance data, financial account details connected with direct deposits, and dependent and beneficiary information if provided to Omni.
Considering that stolen information was already posted on the dark web, Omni Family Health advises all those affected to immediately take action to protect themselves from fraud and identity theft. They suggest obtaining a free annual credit report from national consumer reporting companies and frequently examining financial accounts and statements for suspicious activity. The substitute breach notice published on the Omni website doesn’t offer complimentary credit monitoring services or identity theft protection.
As required under HIPAA law, Omni Family Health has submitted the breach report to regulatory authorities, even though the incident is not yet appearing on the Department of Health and Human Services’ Office for Civil Rights breach portal. It is still unknown currently how many individuals were affected.
Image credits: ©Omni Family Health / Adnan, AdobeStock
