CLAREMONT, N.C. — Choice Health Management Services, which owns several nursing homes throughout the Carolinas, announced it was the victim of a data breach, which potentially exposed the personal information of several current and former patients.
The company said cybercriminals may have gotten access to several components of patients' personal data, including full names, social security numbers and financial account information.
The facilities affected include Catawba Valley Assisted Living in Claremont, Saturn Health in Charlotte, and Universal Health Care locations in Lenoir and Concord.
The company said it first noticed suspicious activity in certain employee email accounts in late 2019, but it didn't conclude just how many people were affected until last month.
Jim Van Dyke is CEO of Breach Clarity, which tracks and rates the severity of data breaches across the country on a 1-to-10 scale.
He said Choice Health's breach received a '10,' the most severe rating on his company's scale, because of how much data may have been exposed.
"They got 17 identity credentials, which is astounding," Van Dyke said. "That's why this one absolutely maxes out our risk scale."
He said Choice Health's patients aren't necessarily powerless when it comes to stopping potential identity theft.
"They can do an awful lot," he said. "They can't totally prevent identity fraud, but they can minimize the risk if they take the right steps."
He said the first step is to set up two-factor authentication for all financial accounts, which most banks and credit unions already offer.
Choice Health declined to speak on-camera about the breach, but on its website, the company wrote it's unaware of any actual misuse of personal information.
The company cited steps it took, including notifying everyone affected, rebuilding computers and installing more cybersecurity measures.