Cyber Incident Victim: Gifted Healthcare

Gifted Healthcare, based in Metairie, Louisiana, experienced a security breach involving unauthorized access to its email systems. The incident occurred between August 25, 2021, and December 10, 2021, during which three employee email accounts were compromised. While initial assessments suggested the breach was confined to a single account, the subsequent investigation revealed broader unauthorized access across multiple accounts. The organization did not publicly disclose the exact date of breach detection but confirmed the forensic review of affected email accounts concluded on July 25, 2022. Exposed data included sensitive personal and medical information such as patient names, physical addresses, driver’s license numbers, Social Security numbers, financial account details, health insurance information, and medical records. Gifted Healthcare reported the incident to the Maine attorney general as impacting 13,770 individuals.

Notification letters were distributed to affected individuals on August 25, 2022, approximately one year after the initial breach period. The company did not specify whether complimentary credit monitoring or identity theft protection services were offered to victims, unlike other entities mentioned in the same reporting period. No evidence suggested misuse of the compromised data at the time of disclosure. The breach timeline indicates a prolonged period of unauthorized access spanning nearly four months, though technical details regarding intrusion methods, attacker identity, or containment measures were not publicly released. Gifted Healthcare’s disclosure emphasized the completion of its internal review but omitted specifics about operational disruptions, system restoration efforts, or enhanced security implementations post-incident. The incident underscored risks associated with email-based data storage and highlighted delays between breach occurrence, investigation finalization, and victim notification.