Welcome Health Data Breach Exposes Sensitive Info of Clients & Contractors

Welcome Health, a medical group focused on providing care to older adults, recently experienced a significant data breach. On July 8, 2024, the company discovered suspicious email activity, which led to an investigation revealing unauthorized access to certain Welcome Health systems.

This breach occurred between June 11, 2024, and July 8, 2024, due to compromised credentials of a Welcome Health user. The unauthorized access potentially exposed sensitive information of both patients and contractors.

The breach involved the unauthorized party accessing emails and a limited number of files, which contained protected health information (PHI) and personal information (PI).

The types of consumer information exposed include:

• Patients: first name, last name, date of birth, patient number, health plan member number, claim number, dates of service, diagnosis, and treatment.
• Contractors: first name, last name, social security number (SSN), or tax identification number (TIN).

The breach was disclosed to the California Attorney General's office, and more details can be found on the California Attorney General's website.

In response to the breach, Welcome Health took immediate action by terminating the unauthorized access and engaging a nationally recognized forensic investigator to assess the situation. The company has reinforced its security policies and provided targeted security training to its workforce. Additionally, Welcome Health has enhanced its security posture to prevent similar incidents in the future.

To support those affected, Welcome Health is offering free credit monitoring and identity protection services for two years through Experian. Affected individuals can find instructions for enrollment in the identity protection services in the notice provided by Welcome Health.

If you have been affected by this data breach, it is crucial to take proactive steps to protect your personal information. Here are some recommended actions:

1. Enroll in Identity Protection Services: Welcome Health is offering complimentary access to Experian IdentityWorks for 24 months. Make sure to enroll by December 5, 2024, using the activation code provided in the notice.
2. Monitor Your Accounts: Regularly review your account statements and monitor your credit reports for any suspicious activity. You can order your free annual credit report from AnnualCreditReport.com.
3. Place a Fraud Alert: Consider placing a fraud alert on your credit file to prevent identity thieves from opening new accounts in your name. This can be done by contacting any of the three major credit bureaus.
4. Consider a Security Freeze: A security freeze can provide an additional layer of protection by preventing new credit accounts from being opened without your consent. Contact each credit bureau to place a freeze on your credit file.
5. Report Suspicious Activity: If you detect any unauthorized transactions or suspect identity theft, report it immediately to your financial institution and local law enforcement.

For more detailed guidance, refer to the Federal Trade Commission's identity theft resources.