Covenant HealthCare Data Breach and HIPAA Violations – Class Action Investigation

CSK&D is investigating a potential class action lawsuit after Covenant HealthCare confirmed reports of a recent data breach potentially exposing 45,000 patient accounts where “an unauthorized party obtained access to two Covenant HealthCare employee email accounts.” The accounts are said to contain highly sensitive medical and personal information including “names, addresses, DOBs, Social Security numbers, driver’s license numbers, medical diagnosis and clinical information, medical treatment information, prescription information, doctors’ names, medical record numbers, patient account numbers, and medical insurance information.”

An FBI investigation into the breach found that hackers were attempting to sell Covenant’s login and password information on the dark web. A Covenant HealthCare spokesperson confirmed that hackers repeatedly combined vulnerable user IDs with different passwords until a combination worked, allowing them access to the two employee email accounts.

Covenant HealthCare posted a notification of the breach on its website as of February 19, 2021, but stated that it became aware of the security incident 2 months prior, in December 2020, and that the breach originally occurred on May 4, 2020. Despite apologizing for the potential exposure of its patients’ highly sensitive personal and medical information, Covenant HealthCare has offered no form of relief, leaving breach victims to fend for themselves against potential fraud.

If you believe you were impacted by the Covenant HealthCare Data Breach or received a notification regarding the breach, please contact the lawyers listed below.