Strauss Borrelli PLLC, a leading data breach law firm, is investigating DAP Health, Inc. and its subsidiary Borrego Health (“DAP Health”) regarding its recent data breach. The DAP Health data breach may have involved sensitive personal information and protected health information belonging to an unknown number of individuals.
ABOUT DAP HEALTH, INC.:
DAP Health is a healthcare organization based in California. Founded in 1984, DAP Health focuses on culturally competent care to best serve patients, offering primary care, dental services, behavioral health, pediatrics, urgent care, OB/GYN, and community care.2 Additionally, DAP Health has its own brand of resale shops run by volunteers that help fund DAP Health’s programs and services.3 As of August 1, 2023, Borrego Health system was sold to DAP Health and became a DAP Health subsidiary. Headquartered in Palm Springs, California, DAP Health has 26 fixed locations and eight mobile units in southern California and serves over 85,000 patients.
WHAT HAPPENED?
Recently, DAP Health reported to the Attorney General of California that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its systems may have been accessed and acquired. According to the breach notice, on July 22, 2024, DAP Health detected suspicious activity in its email environment.1 As a result, DAP Health launched an investigation to determine the nature of the incident.
Through its investigation, DAP Health confirmed that sensitive personal information in its email environment may have been viewed and obtained by an unauthorized third party during the breach. As a result, DAP Health began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. Recently, DAP Health concluded this review. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
- Name
- Social Security number
- Date of birth
- Driver’s license, passport, or birth certificate numbers
- Medical information, such as diagnosis/treatment/procedure, medical history, test results/images/vital signs, medical record number, patient ID, and provider name
- Contact information, such as address and phone number
- Health insurance information, such as plan/policy number and cost information
- Medicare/Medicaid number
- Financial account number
- User ID and password
- License plate / VIN vehicle ID
On December 26, 2024, DAP Health began mailing data breach notification letters to impacted individuals. Based on the breach notices provided to the California residents, DAP Health is providing affected individuals with a list of the information impacted and 12 months of complimentary identity monitoring services. A link to the form breach notification letter that DAP Health filed with the Attorney General of California is below.
If you received a breach notification letter from DAP Health, Inc.:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
