medQ, Inc., a healthcare software company based in Plano, Texas, has filed a notice of data breach with the Attorney General of Maine after discovering unauthorized access and encryption of a software platform used by the company. The breach, disclosed on February 23, 2024, resulted in the exposure of consumers’ sensitive information, including names, Social Security numbers, driver’s license numbers, dates of birth, health information, diagnoses, lab results, medications, treatment information, and health insurance and claims information.
The incident, which occurred between December 20, 2023, and December 26, 2023, was discovered when medQ learned that its software hosted by a third-party data center had been encrypted by hackers. In response, medQ disconnected its network and initiated an investigation to determine the extent of the breach and whether consumer data had been compromised. Subsequently, medQ’s investigation confirmed that files from the medQ platform had been accessed by unauthorized parties during the specified timeframe, leading to the exposure of confidential consumer information.
After identifying the affected individuals, medQ commenced sending out data breach notification letters to inform them about the breach and the specific information compromised. Recipients of these letters are urged to take precautionary measures to safeguard against potential fraud or identity theft, and seeking guidance from a data breach lawyer is recommended to understand their legal rights and options.