On August 9, 2024, siParadigm, a business services company based in Pine Brook, New Jersey, officially notified the U.S. Department of Health and Human Services Office for Civil Rights about a data breach involving unauthorized access to confidential information provided to the company. The breach reportedly involved sensitive consumer data, although specific details about what information was accessed remain unclear at this time. Following the completion of their investigation, siParadigm intends to send data breach notification letters to all individuals affected by the security incident.
The nature of the data breach indicates that it may have been a result of a “hacking/IT incident” related to a network server, but further specifics regarding how the breach occurred are not available in siParadigm’s filing with the HHS-OCR. Notably, siParadigm has not released a website notice or press release that would provide additional context about the incident. It is also possible that the breach originated from a cyberattack targeting one of siParadigm’s third-party vendors, though this has not been confirmed.
Upon learning about the unauthorized access, siParadigm undertook a review of the compromised files to ascertain which information was leaked and which consumers were impacted. Despite this investigation, the filing did not disclose the types of data involved in the breach. However, the company is required to inform affected individuals once the investigation concludes, providing details about what specific information was compromised.
siParadigm is recognized for offering laboratory testing services, including tests designed for detecting tissue-based and liquid biopsies related to solid tumors and hematologic cancers. The company has earned national accreditation from CLIA and CAP, in addition to having local licenses in several states. With a workforce of over 304 employees, siParadigm generates approximately $35 million in annual revenue, emphasizing its role in providing essential health services amid challenges related to data security.
Reference: