Pasadena-based Clinivate has notified its customers of a data security incident that may have divulged the protected health information of individuals within Clinivate's electronic health record system.
Clinivate first learned of the breach in March after discovering unusual activity in its digital ecosystem. With assistance from an independent digital forensics firm, Clinivate soon launched an investigation to assess the hack.
By May, the company was alerted to certain compromised systems and files. There were also instances of unauthorized data access between March 12 and March 21, 2022.
A letter was sent to the potentially affected individuals on July 22 to notify them of this incident.
As confirmed by Clinivate, the impacted information may have included individuals' names, Social Security numbers, medical record numbers, health plan beneficiary numbers, treatment information, and diagnosis information, among other medical information, and/or information relating to payment(s).
Besides notifying customers of the hack, Clinivate enhanced its security measures to help prevent similar incidents in the future. The firm also notified the Federal Bureau of Investigation, and has agreed to cooperate with any subsequent investigation, should it arise.
As matters stand, Clinivate is providing affected individuals with information on steps they can take to protect their personal information. Select eligible impacted individuals will also be provided with complimentary identity monitoring and protection services by data security and recovery services provider IDX.
