Designed Receivable Solutions, Inc. Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from Designed Receivable Solutions, Inc., contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

Designed Receivable Solutions - reported data breachOn March 23, 2024, Designed Receivable Solutions, Inc. (“DRS”) reported a cybersecurity incident (“Data Breach”) to the HHS’ Office for Civil Rights, initially stating that the protected health information of 129,584 individuals was compromised. A subsequent filing with the Maine Attorney General on April 27, 2024 by DRS raised the number of total impacted individuals from 129,584 to approximately 498,686.

Specifically, on January 22, 2024, DRS detected suspicious activity within its network. An investigation by third-party specialists later revealed on January 18, 2024, an unauthorized actor accessed and stole files from DSR’s system (the “Data Breach”). On March 8, 2024, DRS confirmed that the compromised files included protected health information and personally identifiable information of current and former patients of its healthcare clients, including but not limited to names, addresses, dates of birth, Social Security numbers, health insurance information, and medical information (including dates of service).

As a result of the Data Breach, on April 26, 2024 DRS began sending out data breach notification letters to affected individuals. These notification letters provided a list of the compromised information and offered complimentary credit monitoring services. As the Data Breach was only recently announced, DRS has yet to release any additional details. If you received a Breach Letter from DSR, it means you were affected by the Data Breach.

Headquartered in Cypress, California, DRS specializes in patient-centered and client-focused revenue cycle services. DRS works closely with healthcare providers to meet their unique needs throughout the accounts receivable (A/R) cycle. Employing more than 25 people and generating about $6 million in annual revenue, DRS is dedicated to improving patient communication, satisfaction, and financial performance.

WHAT INFORMATION IS INVOLVED?

The type of compromised information varied among individuals and potentially included:

  • Full Names
  • Addresses
  • Dates of Birth
  • Social Security Numbers (SSNs)
  • Health Insurance Information
  • Medical Information (including dates of service)

This information is referred to as your Personally Identifiable Information (“PII”) and Protected Health Information (“PHI”). It provides critical details about you and is an integral part of your identity.

Businesses are legally required to protect PII, or they risk incurring statutory penalties and other legal repercussions. When PII is stolen, it can be used by identity thieves to commit fraudulent activities using your identity.

Moreover, Protected Health Information (PHI), a specific category of PII, is safeguarded under both state and federal laws. Healthcare providers and businesses that manage PHI are mandated to secure this sensitive information. Similar to PII, stolen PHI can be exploited by identity thieves to commit fraud using your identity. Frequently, hackers use both PII and PHI together to enhance the effectiveness of their fraudulent activities.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. California offers extra protections and legal rights to its residents through the California Consumer Privacy Act (“CCPA”).

NOTICE: If you received a NOTICE OF DATA BREACH letter from Designed Receivable Solutions, Inc., contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.