Schedule your free initial consultation

CDPHP Data Breach

On July 6, 2016, Newkirk Products, Inc., a company that makes healthcare ID cards and billing statements for CDPHP and other health insurers, discovered that a computer server storing client information was accessed without authorization. According to Newkirk, the records were first accessed on May 21.  Newkirk disclosed the data breach on August 5. 

Over half a million CDPHP users may have been affected, as well as 70,000 BlueShield members. Information that may have been accessed through the Newkirk server includes names, mailing addresses, and dates of birth. Newkirk is offering two years of free identity protection and restoration services and recommends you "be vigilant against incidents of identity theft" and report "suspicious or fraudulent charges" to CDPHP.

Healthcare Security Breaches: Why Should You Care?

According to the Office of the Inspector General, "Medical identity theft occurs when someone steals your personal information (like your name, Social Security number, or Medicare number) to obtain medical care, buy drugs, or submit fake billings to Medicare in your name. Medical identity theft can disrupt your life, damage your credit rating, and waste taxpayer dollars. The damage can be life-threatening to you if wrong information ends up in your personal medical records." Having your information stolen or easily accessible to potential thieves can have a monumental negative impact on your peace of mind and overall quality of life.

Who is liable for the data breach?                                  

Hospitals and health care providers have a statutory duty under New York State and federal law to protect the personal data and confidential health information of patients, including electronically stored health information. Federal regulations include the HIPAA Privacy Rule and Security Rule.  Many health care providers contract with business associates such as data management companies to store and manage patient records.  These record custodians are also subject to potential liability for data breaches. 

What Should You Do?

The laws regarding cyber-security are still relatively new and case law is developing in the courts.  Insurance coverage for damages caused by data breaches is often contested by insurers. Because of this, if you have been the victim of a data breach or believe you may be, whether or not your information has been used in a criminal way, it is important to contact an attorney with a background in cyber security.

No Comments

Leave a comment
Comment Information
We are committed to obtaining the justice that your case deserves.

Contact our team of Attorneys

Bold labels are required.

Contact Information

The use of the Internet or this form for communication with the firm or any individual member of the firm does not establish an attorney-client relationship. Confidential or time-sensitive information should not be sent through this form.


Privacy Policy

Office Location

Dreyer Boyajian LLP
75 Columbia Street
Albany, NY 12210

Toll Free: 866-292-1582
Phone: 518-478-2762
Phone: 518-478-2762
Fax: 518-463-4039
Albany Law Office Map