CMC Notified of Potential Data Compromise Involving 2,792 Patients

Incident at Lamont Hanley & Associates, Inc. affects businesses across the United States

Published 4/22/2024
Written By Laura Montenegro, Director, Communications & Public Relations

Lamont Hanley & Associates, Inc. (LH) provides account receivable management services to Catholic Medical Center (CMC). CMC is working with LH to notify potentially impacted CMC patients about a data security incident at LH during which an unauthorized party accessed and/or acquired certain files containing personal and health information related to CMC patients, among other LH clients. 

To date, LH is not aware of any reports of identity fraud or improper use of personal and health information.

On March 6, 2024, LH notified CMC that on June 20, 2023, it discovered one employee email account was accessed by an unauthorized party via a phishing attempt. Upon detecting the incident, LH commenced an immediate and thorough investigation, contained and secured the email environment, and changed the password to the affected email account. As part of the investigation, LH engaged external cybersecurity professionals to investigate the extent of the incident and what, if any, sensitive data, including personal and/or health information, may have been accessed and/or acquired by the unauthorized party. The investigation did not identify evidence of specific data access or acquisition by an unauthorized party, but could not conclude with one-hundred percent certainty that data within the account was not accessed or acquired by an unauthorized party. Out of an abundance of caution, LH conducted a comprehensive review of the affected email account, and on February 28, 2024, determined the specific personal information present within the account. The information present in the account may include individual name, Social Security Number, date of birth, medical and claim information, health insurance information, individual identification information, and financial account information.

Patient priacy and security are of the highest importance to CMC.  We have been working diligently with LH to understand how this incident occurred, and LH assured us that they have already taken measures to augment its existing cybersecurity. In addition, LH is providing complimentary credit monitoring services to those who are eligible. Individuals are encouraged to take steps to protect themselves against identity fraud, including placing a fraud alert/security freeze on their credit files, obtaining free credit reports, and remaining vigilant in reviewing financial account statements, explanation of benefits, and credit reports for fraudulent or irregular activity on a regular basis.

Although CMC’s network was not breached as a result of this incident, we maintain an aggressive cyber security program. We also require our contracted vendors to implement administrative, technical, and physical safeguards to secure all sensitive information within their organizations.

For those individuals who have been identified, they will receive a letter in the mail this week. For those who have questions or need additional information regarding this incident, LH has established a dedicated toll-free response line at 1.833.792.8144. The response line is available Monday through Friday, 8 AM to 8 PM Eastern Time, excluding holidays.