USA: Optima Dermatology Holdings notifies OCR of data security incident
Optima Dermatology Holdings LLC notified, on 18 April 2022, the U.S. Department of Health and Human Services ('HHS') Office for Civil Rights ('OCR') of a data security incident affecting 59,872 individuals. In particular, Optima Dermatology Holdings stated that between 30 August 2021 and 2 September 2021 an employee email account had been accessed by an unauthorised party, and immediately upon learning of the security incident, it proceeded to secure the email account in question and launched an investigation.
In light of the investigation, Optima Dermatology Holdings noted that an unauthorised actor had accessed and potentially obtained the following information: full names, dates of birth, medical treatment and/or conditions information, health insurance claims and/or application information, health insurance policy and/or subscriber numbers, and medical record numbers.
Lastly, Optima Dermatology Holdings noted that after the discovery of the incident it notified individuals whose information was involved and provided them with best practices for protecting their information. In addition, Optima Dermatology Holdings stated it has implemented additional security measures to protect data and established a dedicated toll-free response line for customers who have questions or want to determine whether they have been impacted by the security incident.