On June 4, 2021 it was discovered by Manitowoc, WI-based Forefront Management, LLC and Forefront Dermatology, S.C. that unauthorized people had obtained access to its databases which included private and confidential employee and patient data.
The impacted databases were quickly made inactive to stop additional unauthorized access and a review was initiated to ascertain the extent of the attack. On June 24, 2021, Forefront discovered that some of the data saved on its network had been accessed and potentially stolen which included the personal information of a small number of Forefront staff members, including their names and Social Security details. The review also found that the databases were initially accessed on May 28, 2021 and access remained open until June 4, 2021.
Forefront determined, during the official review, that the unauthorized individual also accessed files that held the personal and protected health information of a small number of current and previous Forefront patients.
Patient information potentially impacted in the cyberattack incorporated names, addresses, birth dates, patient account details, health insurance member Identification numbers, medical record data, dates of service, providers, and/or medical and clinical treatment details.
While the official breach report sent to the Maine state attorney general says that 4,431 clients were impacted in the breach, anm update on the Forefront Dermatology stated that “while the investigation found evidence that only a small number of patients’ information was specifically involved, Forefront Dermatology could not rule out the possibility that files containing other patients’ information may have been subject to unauthorized access.”
The breach report filed with the HHS’ Office for Civil Rights states that as many as 2,413,553 could have been impacted in the breach.
While there is no nothing to suggest that any data has been improperly used, Forefront is providing impacted individuals a free one-year subscription to TransUnion’s myTrueIdentity Credit Monitoring Service. Additionally Forefront has committed to bolstering its security protocols to help stop any more incidents like this from taking place.