Access TeleCare Data Breach Exposes Personal Health Information

Access TeleCare, a leading provider of acute and specialty telemedicine services, recently experienced a significant data breach that exposed sensitive personal and medical information of thousands of individuals. The breach occurred between November 6, 2023, and January 8, 2024, when an unauthorized party accessed and potentially downloaded data from certain employee email accounts. The breach was discovered on January 8, 2024, prompting an immediate investigation.

The investigation revealed that the compromised email accounts contained a variety of sensitive information, including personal health information (PHI). A detailed review process concluded on August 30, 2024, identifying the individuals whose data was impacted. The breach affected individuals in multiple states, with 8,786 people impacted in Texas, 677 in Massachusetts, and 53 in Rhode Island.

Information exposed:

• Name
• Address
• Social Security Number
• Driver’s License Number
• Date of Birth
• Medical Record Number
• Patient Account Number
• Medical Information
• Clinical Information
• Provider Name and Location
• Health Insurance Information

The breach was reported to the California Attorney General on December 24, 2024, the Massachusetts Attorney General on December 23, 2024, and the Texas Attorney General on January 15, 2025.

Access TeleCare's response

In response to the breach, Access TeleCare took several steps to mitigate the situation and protect affected individuals. Upon discovering the unauthorized access, the company immediately disabled the compromised email accounts and engaged third-party forensic specialists to investigate the nature and scope of the breach. Access TeleCare also worked with a data review vendor to analyze the affected email accounts and identify the impacted individuals.

The company has since implemented additional security measures to prevent similar incidents in the future. They also notified relevant government regulators, including the U.S. Department of Health and Human Services, and offered affected individuals 12 months of complimentary credit monitoring and identity theft protection services through TransUnion.

Affected individuals were notified via U.S. Mail and provided with instructions on how to enroll in the credit monitoring services. The enrollment deadline is March 23, 2024.

Steps to take if you are affected by the data breach

If you received a notification from Access TeleCare, it is important to take proactive steps to protect your personal and financial information. Here’s what you should do:

1. Enroll in credit monitoring services: Access TeleCare is offering free credit monitoring and identity theft protection services through TransUnion. Follow the instructions in your notification letter to enroll before the March 23, 2024 deadline.
2. Monitor your accounts: Regularly review your bank, credit card, and other financial account statements for unauthorized transactions. Report any suspicious activity immediately.
3. Check your credit report: You are entitled to one free credit report annually from each of the three major credit bureaus (Equifax, Experian, and TransUnion). Visit Annual Credit Report to request your reports.
4. Place a fraud alert or credit freeze: Consider placing a fraud alert on your credit file to make it harder for identity thieves to open accounts in your name. Alternatively, you can request a credit freeze to restrict access to your credit report.
5. Stay vigilant: Be cautious of phishing emails or phone calls requesting sensitive information. Verify the legitimacy of any communication before sharing personal details.
6. File a complaint if needed: If you suspect identity theft, report it to the Federal Trade Commission (FTC) at IdentityTheft.gov and consider filing a police report.

For additional assistance, you can contact Access TeleCare’s dedicated support line at 1-833-799-4431, available Monday through Friday from 8:00 AM to 8:00 PM Eastern Time, excluding major U.S. holidays.