On August 30, 2024, EngageMED notified the U.S. Department of Health and Human Services Office for Civil Rights about a data breach that allowed an unauthorized party to access its IT network. The breach exposed sensitive consumer information, including names, addresses, dates of birth, Social Security numbers, medical details, health insurance information, and claim data. Following the breach, EngageMED began sending data breach notification letters to all individuals affected by the security incident to inform them of the potential exposure of their personal information.
The breach was identified on July 3, 2024, when EngageMED detected suspicious activity within its computer network. In response, the company secured its systems and alerted law enforcement while launching an internal investigation to ascertain the nature of the breach. The investigation revealed that unauthorized access occurred between June 12 and July 3, 2024, during which the perpetrator accessed portions of the network containing confidential patient information.
Upon confirming the breach, EngageMED undertook a comprehensive review of the compromised files to identify the specific information affected and the individuals involved. The extent of the leaked information varied by individual but could include critical personal and health-related data. EngageMED made efforts to ensure that those impacted by the breach would receive a clear understanding of the specific data that was compromised.
EngageMED, established in 1995 and based in Little Rock, Arkansas, specializes in providing healthcare support services. Originally founded as Arkansas Physician Management, Inc., the company rebranded to EngageMED in 2018 and offers a variety of services, such as revenue cycle management and practice operational support. With over 603 employees and generating approximately $107 million in annual revenue, EngageMED plays a significant role in assisting healthcare providers with operational efficiency and patient care management.
Reference:
