Strauss Borrelli PLLC, a leading data breach law firm, is investigating Mount Carmel Care Center (“Mount Carmel”), regarding its recent data breach. The Mount Carmel data breach may have involved sensitive personal identifiable information and protected health information belonging to over 2,300 individuals.
ABOUT MOUNT CARMEL CARE CENTER:
Mount Carmel is a senior care health system based in Massachusetts. Founded in 2013, Mount Carmel is a member of the Carmelite System, exclusively comprised of nursing and rehabilitation, independent living and assisted living facilities that span the Northeast and the Midwest, as well as a facility in Dublin, Ireland.4 Accordingly, Mount Carmel offers a full-range of post-acute care services, including long-term care, short-term rehabilitation and respite care within a modern facility in the heart of the Berkshires.5 Residents have access to a complete range of services, including medical and nursing care, medication administration and monitoring, intravenous and infusion therapy, pain and wound management, nutrition services, social services, and more.5 Headquartered in Lenox, Massachusetts, Mount Carmel employs over 50 individuals.
WHAT HAPPENED?
Recently, Mount Carmel announced that it had experienced a data breach in which the sensitive personal identifiable information and protected health information in its systems may have been accessed and acquired. According to the breach notice, Mount Carmel became aware of suspicious activity within its computer network. As a result, Mount Carmel launched an investigation to determine the nature of the incident.
Through its investigation, Mount Carmel learned that sensitive personal information in its systems may have been viewed and copied by an unauthorized actor between August 17, 2023, and October 15, 2023. As a result, Mount Carmel began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. On June 6, 2024, Mount Carmel completed this review. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Financial account information
- Payment card information
- Medical information (e.g., diagnosis and treatment information, medical record number, treating/referring physician, prescription/medication information)
- Health insurance information (e.g., health insurance subscriber number, Medicare/Medicaid identification, medical billing/claims information)
- Employee identification
On December 14, 2023, Mount Carmel posted a notice of the incident on its website. Additionally, on August 26, 2024, Mount Carmel mailed data breach notification letters to impacted individuals. Based on the breach notice on its website, Mount Carmel will be providing affected individuals with a list of the specific type of sensitive information impacted. A link to the form breach notification letter that Mount Carmel posted on its website below.
If you received a breach notification letter from Mount Carmel Care Center:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
LINKS:
[1] https://mountcarmelcare.org/wp-content/uploads/2024/08/NOTICE-OF-DATA-SECURITY-INCIDENT.pdf
[3] https://ago.vermont.gov/document/2024-08-26-mt-carmel-care-center-data-breach-notice-consumers
[4] https://www.linkedin.com/company/mount-carmel-care-center/about/
[5] https://mountcarmelcare.org/quality-senior-care-community-lenox-ma