Forefront Management, LLC and Forefront Dermatology, S.C. based in Manitowoc, WI found out on June 4, 2021 that unauthorized persons had obtained access to its system and possibly viewed personal and confidential staff and patient data.
The impacted systems were promptly taken off the internet to block unauthorized persons from further accessing the network. An investigation was started to identify the nature and extent of the breach. On June 24, 2021, Forefront confirmed that selected files kept on its system had been viewed and the hacker possibly acquired the personal data of a small number of Forefront workers, such as their names and Social Security numbers. According to the results of the investigation, the first breach of the network happened on May 28, 2021 and the hacker possibly accessed it until June 4, 2021.
Throughout the investigation, Forefront confirmed that the unauthorized person likewise accessed files that contained the personal data and protected health information (PHI) of a small number of present and past Forefront patients.
Patient data possibly exposed during the breach included names, addresses, birth dates, patient account numbers, health record numbers, medical insurance member ID numbers, dates of service, names of provider, and/or medical and clinical treatment data.
Forefront submitted a breach summary to state attorneys general indicating that 4,431 people were impacted by the breach. Although there is no hint that any misuse of data in the files, Forefront is giving impacted persons a free membership to TransUnion’s myTrueIdentity Credit Monitoring Service for 12 months.
Forefront stated that it is improving its security standards to help avoid the occurrence of the same incident in the future.