On June 4, 2021 Forefront Management, LLC and Forefront Dermatology, S.C. discovered that unauthorized access had been obtained to its databases which could have resulted in private and confidential employee and patient information being infiltrated.
The impacted databases were swiftly removed from the network so as to stop any additional unauthorized access taking place and an official review was initiated to deduce the extent of the data breach. On June 24, 2021, Forefront was able to reveal that specific files held on its network had been accessed, and possibly removed, which included the personal data of a small number of Forefront staff members, including their names and Social Security information. The official review showed that the databases were initially breached on May 28, 2021 and access remained open until June 4, 2021.
Forefront discovered, during the course of the investigation, that the unauthorized person also accessed files that held the personal and protected health information of a small number of existing and former Forefront patients.
Patient information that could have been infiltrated during the breach included names, addresses, dates of birth, patient account details, health insurance member ID numbers, medical records, appointment dates, provider details, and/or medical and clinical treatment details.
The breach report filed to the Maine state attorney general states that 4,431 people were impacted by the breach, but in a website notice, Forefront Dermatology commented: “While the investigation found evidence that only a small number of patients’ information was specifically involved, Forefront Dermatology could not rule out the possibility that files containing other patients’ information may have been subject to unauthorized access.”
The breach report filed to the HHS’ Office for Civil Rights states that as many as 2,413,553 individuals were potentially impacted.
While there is nothing to suggest that any information in the files has been improperly used, Forefront is offering impacted individuals a free one-year subscription to TransUnion’s myTrueIdentity Credit Monitoring Service. Forefront said it is reconfiguring its security policies to stop incidents like this from taking place going forward.