Norwood Clinic Data Breach

Featured image of blog post
By
Mike Bradley
March 15, 2022
Data Breach
Norwood Clinic Data Breach

Jon Mann, a partner with the firm, has this to say about the Norwood Clinic Data Breach

The scope of the breach coupled with the amount of time it took Norwood Clinic to discover it shows a real lack of security and responsibility for their patients’ sensitive information. Norwood Clinic admitted to state and national authorities that hackers had access to ~228,000 patients’ PII and PHI for over a month, and then waited four months to inform the victims. Each patient is at an increased risk of identity theft and must spend time establishing safeguards and monitoring their credit profiles and financial accounts. It’s not easy resolving identity theft or financial fraud, but we’re happy to provide tips to anyone who needs help or they can call and receive a free confidential consultation.

Pittman, Dutton, Hellums, Bradley & Mann, P.C., a Birmingham, Alabama based law firm experienced in data breach and consumer class action cases, is investigating claims on behalf of victims of a healthcare data breach involving Norwood Clinic, a multispecialty medical group of 25 physicians headquartered in Fultondale, Alabama.

On March 8, 2022, Norwood Clinic began sending Notice of Data Security Incident letters to 228,103 current and former patients whose personal identifiable information (“PII”) and protected health information (“PHI”) was accessed by an unauthorized third party[1]. Here is a copy of the data breach notification letter sent by Norwood  Clinic:

Notice of Data Security Incident

If you received this letter, please contact our office at (205) 322-8880 as soon as possible to discuss your potential legal rights and remedies.

What Information Was Accessed?

This data breach is significant because the unauthorized third party (hackers) accessed a server containing patients’ sensitive data including:

  1. Personal identifiable information (“PII”) (such as name, contact information, date of birth Social Security Number, Drivers license number); and
  2. Protected health information (“PHI”) (such as limited health information and/or health insurance policy number).

When Did the Data Breach Occur?

The hackers obtained access into Norwood Clinic’s systems for 32 days, from September 20, 2021, until on October 22, 2021, when Norwood Clinic finally discovered the breach.

However, Norwood Clinic failed to immediately disclose the data breach and waited 126 days later, on February 25, 2022, when they informed the United States Health and Human Services Office of Civil Rights.

The scope of the breach coupled with the amount of time it took Norwood Clinic to discover it shows a real lack of security and responsibility for their patients’ sensitive information.

What Caused the Norwood Clinic Data Breach?

According to Norwood Clinic in its reports to governmental entities including the Maine and Massachusetts Attorney Generals and U.S. Department of Health and Human Services Office of Civil Rights, on September 20, 2021, an unauthorized party gained access to Norwood Clinic servers storing patient information.[2] Norwood Clinic did not discover the breach until October 22, 2021.[3] Norwood Clinic did not begin notifying victims of this security incident until March 8, 2022.[4]

What Information Was Impacted in the Data Breach?

Information stored on the affected servers included:

  • Names
  • Contact information
  • Dates of birth
  • Social Security numbers
  • Driver’s License numbers
  • Health information
  • Health insurance policy numbers[5]

How Many People Are Impacted by the Data Breach?

Approximately 228,103 current and former patients had their personal information compromised in the Norwood Clinic data breach.[6]

How Can I Tell If My Data Was Stolen?

There are several steps you can take to check if your data was affected:

  • Be on the lookout for updates: Watch your email to see if you receive the letter mentioned above or any updates/additional information.
  • Watch out for phishing attempts: However, be wary of scammers claiming to be from Norwood Clinic asking you to provide information or click on a link. If in doubt, contact the company or consult with a lawyer.
  • Monitor your account activity: Check suspicious charges on your statements. Scammers and identity theft perpetrators often test with smaller charges before charging large bills.

What Should I Do if I Received Notification of the Norwood Clinic Data Breach? How Do I Pursue Legal Recourse?

The scope of the breach coupled with the amount of time it took Norwood Clinic to discover it shows a real lack of security and responsibility for their patients’ sensitive information. Norwood Clinic admitted to state and national authorities that hackers had access to ~228,000 patients’ PII and PHI for over a month, and then waited four months to inform the victims.

From our experience, we anticipate speaking with current and former Norwood Clinic patients who are now victims of identity theft and financial fraud due to no fault of their own. Each patient is at an increased risk of identity theft and must spend time to establish safeguards and monitor their credit profiles and financial accounts. It's not an easy process and we're happy to provide tips to anyone who needs help or they can call and receive a free confidential consultation.

If you would like to have a free, confidential consultation with an attorney to learn more about your rights and potential legal remedies in responding to the Norwood Clinic data breach, please call or text Pittman, Dutton, Hellums, Bradley & Mann, P.C. attorneys Jon Mann or Austin Whitten at (205) 322-8880, or email us at jon@pittmandutton.com or austinw@pittmandutton.com, or submit a Case Evaluation request through the form on the side of the page.

[1] https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
[2] https://apps.web.maine.gov/online/aeviewer/ME/40/59fb8783-b735-43e8-bae5-ddd4263d043e.shtml
[3] Id.
[4] Id.
[5] https://www.norwoodclinic.com/forms/cybernotice.pdf
[6] Supra, n.1.

RECENT POSTS

NextGenBHM Law 2022 Award Winner: Attorney Emily Irvin Curran
Home to Multiple “Best Lawyers” in Birmingham: Pittman, Dutton, Hellums, Bradley & Mann, P.C.
Named Among “Best Law Firms” in Birmingham: Pittman, Dutton, Hellums, Bradley & Mann, P.C.
Exactech Hip Implant Recall Lawsuit
When Should I Contact an Auto Accident Lawyer?

CATEGORIES

  • Car Accidents
  • Firm News
  • Personal injury
  • Product Liability
  • Wrongful Death

GET A FREE CASE EVALUATION

Fill out the form below to contact our firm. One of our experienced attorneys is prepared to speak with you. Consultations are free and confidential.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Have you been injured in an accident?

Pittman, Dutton, Hellums, Bradley & Mann

Pittman, Dutton, Hellums, Bradley & Mann is a team of personal injury lawyers in Birmingham, Alabama. We serve clients throughout the United States for all types of personal injury cases.

Navigation
Get Social

© 2021 Pittman, Dutton, Hellums, Bradley & Mann, P.C. - All Rights Reserved

The recoveries and testimonials on this website are not an indication of future results. Every case is different, and regardless of what friends, family, or other individuals may say about what a case is worth, each case must be evaluated on its own facts and circumstances as they apply to the law. The valuation of a case depends on the facts, the injuries, the jurisdiction, the venue, the witnesses, the parties, and the testimony, among other factors. Furthermore, no representation is made that the quality of the legal services to be performed is greater than the quality of legal services performed by other lawyers.