Data Breach Alert: Florida Digestive Health Specialists, LLP

Recently, Florida Digestive Health Specialists, LLP announced that the personal, identifying, financial, and health information of approximately 212,509 individuals was compromised in a data breach. Our data breach attorneys are going to begin interviewing victims of the breach to determine what damages they sustained and what legal claims may be available to them. If you recently learned your information was compromised in the recent breach, reaching out to a data breach lawyer is the first step to understanding all of your options.

What to Know About the Florida Digestive Health Specialists, LLP Data Breach

The company recently reported discovering on December 16, 2020, that an unauthorized party gained access to certain files on its servers. A subsequent investigation revealed that the files may have contained the following information:

• First and last names

• Addresses

• Dates of birth

• Social Security numbers

• Financial information

• Medical information, including diagnoses

• Health insurance information, including health insurance individual policy numbers and Medicare/Medicaid information

Anyone in receipt of a Florida Digestive Health Specialists, LLP data breach notification letter may now face an increased risk of identity theft and other financial losses. Our data breach attorneys will be investigating this recent cybersecurity incident to determine whether the company took the necessary steps to keep your data secure and whether those impacted by the breach can pursue a data breach class action lawsuit.

What Is a Data Breach?

A data breach occurs when a hacker or other unauthorized party secretly gains access to sensitive consumer information stored on a company’s servers through some kind of cyberattack. Once a hacker obtains consumer data, they may use the information to commit identity theft or for other criminal purposes. Sometimes hackers will sell the data they obtain through a cyberattack to the highest bidder.

No one can tell with certainty why a hacker targeted your data in a data breach or what they plan to do with it, but the fact that your sensitive information is in the hands of an unauthorized party puts you at a greater risk of identity theft.

As consumers, we all provide personal data to companies for a variety of reasons. We trust these companies to protect our private data and keep this information secure. Unfortunately, data breaches happen frequently.

Our attorneys are investigating data events like this security breach to determine the legal rights of consumers who trusted corporations with their sensitive information. Often, hackers target companies that rely on outdated or otherwise inadequate data security measures. If it is determined that Florida Digestive Health Specialists, LLP did, in fact, fail to properly protect consumers’ data in some way, the individuals affected may be eligible to pursue compensation for their financial losses.

What Can You Do After a Data Breach?

If you received a data breach letter from the company that experienced a data security incident, it means that an unauthorized person—likely a criminal—may have accessed, viewed, and retained your personal information. While the company cannot know why the third party sought out your information and what they plan to do with it, the situation justifies a certain level of precaution on your part.

Below are a few ways to protect yourself from identity theft and the other possible financial risks that can stem from a data breach:

1. Carefully read the data breach letter to determine what information of yours was accessible;

2. Make a copy of the letter for your records;

3. Enroll in the free credit monitoring service provided to you (you will need information contained in the data breach letter to do this);

4. Change all your passwords and security questions for any online accounts;

5. Enable two-factor authentication, where it is available;

6. Regularly review your credit card and bank account statements for any signs of suspicious activity;

7. Monitor your credit report for any unexpected changes that may be a sign of identity theft;

8. Contact one of the major credit bureaus to request they add a fraud alert to your profile;

9. Consider putting in place a credit freeze with the three major credit bureaus; and

10. Notify your banks and credit card companies of the data breach.

When you put a freeze on your credit, it serves to prevent access to your credit report. You would have to specifically authorize any requests to access your credit report. It doesn’t cost you anything to initiate a credit freeze, and the freeze remains until you go through the process of removing it—although you may authorize temporary lifts of the credit freeze if you will be applying for credit through any lender or creditor. Even though the Identity Theft Resource Center (ITRC) calls putting in place a credit freeze the “single most effective way to prevent a new credit/financial account from being opened,” only 3% of consumers whose sensitive personal data has been compromised actually use this tool to protect their credit and reduce the risk of identity theft.

To protect and preserve their legal rights, it is highly recommended that individuals who received notice that their data may have been compromised immediately reach out to an experienced data breach attorney.

Data Breach Lawyers Are Investigating This Security Incident and the Potential for a Data Breach Class Action

Companies have a legal duty to protect consumers’ personal, identifying, financial, and health information. While developing and implementing a comprehensive and up-to-date data security system is costly, this is a necessary cost of doing business in an environment where cyberattacks and data breaches are common.

Data breach laws are complex, and just because your information may have been accessed while in Florida Digestive Health Specialists, LLP’s care doesn’t necessarily make this company legally responsible. However, if a company fails to take appropriate actions to protect consumers’ sensitive information, it may face liability through a data breach class action lawsuit.

If you received a data breach notification letter, it is important that you not only protect yourself from possible fraud but also preserve your legal rights by speaking to a data breach attorney. Consumer privacy lawyers are undertaking investigations in legal matters involving all types of data breaches, ransomware attacks, and cyberattacks on a no-win, no-fee basis.

Find a copy of the data breach letter here.

Notice of Data Breach

Dear [RECIPIENT]:

Florida Digestive Health Specialists, LLP (“FDHS”) experienced a data security incident that may have impacted your protected health information (“PHI”). Specifically, the incident in question may have resulted in the disclosure of your name and medical information. We take the privacy and security of information involving our patients seriously, and sincerely apologize for any concern or inconvenience this may cause you. This letter contains information about steps you can take to protect your information and resources we are making available to help you.

1. Nature of security incident.

On December 16, 2020, an employee noted suspicious activity within their FDHS email account that resulted in suspicious emails having been sent from their employee account. Several days later, on December 21, 2020, FDHS learned that funds had been misrouted to an unknown bank account. FDHS immediately began an investigation to determine how the incident occurred, and what could be done to better protect our systems. We also engaged Clark Hill PLC (“Counsel”) to assist in the investigation of this incident and at Counsel’s direction, engaged a nationally-recognized, third-party computer forensics firm, Kivu, to further assist in the investigation. The investigation found that a limited number of FDHS employee email accounts had been accessed by unauthorized users. That investigation was involved and, though access was confined to a limited number of FDHS email accounts, those accounts were voluminous. FDHS investigated those email accounts to determine what information was found in those accounts, whether it constituted personal information, protected health information, or other confidential information, and to whom that information belonged. This process took a considerable amount of time and only concluded on November 19, 2021.

2. What information was involved?

The categories of PHI present in the posted data set include your first and last name, address, date of birth, Social Security number, financial information, health insurance information, medical information, diagnosis, health insurance individual policy number, and Medicare/Medicaid information.

3. What are we doing?

To further enhance security since this incident, FDHS has reset passwords, enabled multi-factor authentication in our email environment, and other enhanced security protocols. FDHS has also re-trained its employees on the proper handling of protected health information.

In addition, as a safeguard, we are offering identity theft protection services through IDX, the data breach and recovery services expert, at no charge to you. IDX identity protection services include: > of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed id theft recovery services. With this protection, IDX will help you resolve issues if your identity is compromised. Enroll in free identity protection services by calling 1-833-365-2604 or going to https://response.idx.us/fdhs and using the Enrollment Code provided above. IDX representatives are available Monday through Friday from 9 am - 9 pm Eastern Standard Time. Please note the deadline to enroll is March 27, 2022.

Additionally, in response to this incident, FDHS has taken steps to increase the security of its systems including, resetting passwords, enabling multi-factor authentication throughout our IT systems, and other enhanced safety protocols. We also deployed additional security controls, strengthened password protocols, and reconfigured our firewall.

4. What can you do?

It is always a good idea to review your bank account and other financial statements, and immediately contact your financial institution if you identify suspicious activity. We encourage you to contact IDX with any questions and to enroll in the free identity protection services by calling 1-833-365-2604 or going to https://response.idx.us/fdhs and using the Enrollment Code provided above. IDX representatives are available Monday through Friday from 9 am - 9 pm Eastern Time. Please note the deadline to enroll is March 27, 2022.

Additional information about protecting your identity is included in this letter, including recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on your credit file. We also encourage you to review your account statements and explanation of benefits, and to monitor your credit report for suspicious activity.

For More Information

You will find detailed instructions for enrollment on the enclosed Recommended Steps document. Also, you will need to reference the enrollment code at the top of this letter when calling or enrolling online, so please do not discard this letter.

Please call 1-833-365-2604 or go to https://response.idx.us/fdhs for assistance or for any additional questions you may have.