Lexington Diagnostic Center Data Breach Exposes Data of Nearly 30,000 Patients

Lexington Diagnostic Center recently announced a significant data security incident that resulted in an unauthorized party gaining access to a server containing sensitive patient information. This breach, which occurred on November 13, 2023, has potentially affected 29,915 individuals, raising concerns among patients regarding the security of their personal health information (PHI).

Details of the Security Incident

The incident involved an unauthorized third party accessing a server belonging to Lexington Diagnostic Center. Upon discovery of the unauthorized activity on November 13, 2023, the center promptly took the affected server offline to prevent further compromise. Forensic specialists were immediately engaged to investigate the scope and nature of the breach, confirming the unauthorized access.

The investigation revealed that the accessed server contained a range of sensitive patient data. This information includes, but is not limited to, patient names, dates of birth, physical addresses, contact information, and Social Security numbers. Furthermore, health insurance information, as well as medical details such as diagnostic codes and descriptions of services provided, were also potentially compromised. The exposure of such comprehensive data sets can lead to various risks, including identity theft and financial fraud.

Lexington Diagnostic Center’s Response and Patient Notification

In response to the data breach, Lexington Diagnostic Center took several immediate and subsequent actions. After taking the server offline and initiating a forensic investigation, the center also notified law enforcement of the incident. On January 12, 2024, the organization began sending notification letters directly to all 29,915 affected individuals, informing them about the breach and the steps being taken.

As a protective measure, Lexington Diagnostic Center is offering 12 months of complimentary credit monitoring and identity theft protection services through Experian to all impacted patients. This service aims to help individuals safeguard their financial and personal information against potential misuse following the exposure.

Recommendations for Affected Patients

Patients who have received a notification letter from Lexington Diagnostic Center are strongly advised to take proactive steps to protect their information. Key recommendations include:

• Enroll in the complimentary credit monitoring and identity theft protection services offered through Experian.
• Regularly review financial account statements and explanation of benefits (EOB) forms for any unauthorized or suspicious activity.
• Monitor credit reports from the three major credit bureaus (Equifax, Experian, and TransUnion) for unfamiliar accounts or inquiries.
• Place a fraud alert or freeze on credit files, which can prevent new credit accounts from being opened in their name without explicit permission.
• Report any suspicious activity or signs of identity theft to the appropriate authorities and their financial institutions immediately.

Remaining vigilant and proactive in monitoring personal and financial information is crucial in mitigating the risks associated with data breaches involving sensitive data like Social Security numbers and health information.