Option Care Health Data Breach Exposes Protected Health Info

Option Care Health, a leading provider of home and alternate site infusion services in the United States, recently experienced a data breach that may have exposed sensitive patient information. The breach occurred on July 31, 2024, when an unauthorized party briefly gained access to an employee's email inbox. The company's security tools identified the suspicious activity and terminated the access immediately. However, further investigation revealed that some protected health information (PHI) of patients may have been impacted.

The breach was confirmed on September 16, 2024, after forensic experts conducted a comprehensive analysis. According to the company's disclosure, 2,897 individuals were affected by the breach.

Although financial information was not impacted, the exposure of PHI remains a serious concern, as it could potentially be used for identity theft or other malicious purposes. For more details, the California Attorney General's office has published the disclosure, which can be accessed on their website.

Option Care Health's response

In response to the breach, Option Care Health took several immediate and long-term actions to secure its systems and protect patient information. The company restricted access to the affected email inbox and reset its password. Additionally, it is reviewing its internal controls and security measures to prevent similar incidents in the future.

To support those affected, Option Care Health has partnered with Kroll, a leading risk management firm, to provide complimentary identity monitoring services. These services include single-bureau credit monitoring, fraud consultation, and identity theft restoration. Affected individuals can enroll in these services through Kroll’s activation website.

Steps to take if you are affected by the data breach

If you received a notification from Option Care Health regarding this breach, here are some important steps you should take to protect yourself:

1. Enroll in identity monitoring services: Take advantage of the free services offered by Kroll. Visit Kroll’s activation website and use the membership number provided in your notification letter. Be sure to enroll before the activation deadline.
2. Monitor your accounts: Regularly review your bank, credit card, and other account statements for any unauthorized activity.
3. Check your credit reports: Obtain free credit reports from AnnualCreditReport.com and look for any unfamiliar accounts or inquiries.
4. Report suspicious activity: If you notice any unauthorized transactions or signs of identity theft, report them immediately to your financial institution, local law enforcement, and the Federal Trade Commission (FTC).
5. Place a fraud alert or credit freeze: Consider placing a fraud alert or credit freeze on your credit file to make it harder for identity thieves to open accounts in your name.

By staying vigilant and taking these steps, you can minimize the potential risks associated with this data breach.