Legacy Post Acute Care

Legacy Post Acute Care is a United States-based healthcare organization, as indicated by its alias and the nature of its operations involving patient health data. The organization manages sensitive information including patient names, Social Security numbers, treatment details, health insurance and financial information, prescription data, and medical record numbers, as evidenced by cybersecurity incidents reported in January 2022. Its services pertain to the post-acute care continuum, though specific clinical offerings or patient demographics are not detailed in available records. The entity operates within the U.S. healthcare sector, handling protected health information subject to regulations such as HIPAA, based on the context of the reported breaches.

Legacy Post Acute Care faced two cybersecurity incidents in January 2022. The first incident, detected on January 25, involved unauthorized access to a healthcare provider's network, leading to the compromise of sensitive patient data for over 70,000 individuals. A forensic investigation confirmed potential data acquisition, and the organization completed its file review months later, attributing notification delays to investigative complexity and address verification processes. The second incident, occurring around January 19, consisted of unauthorized access to multiple employee email accounts over a two-month period. This breach exposed patient names, Social Security numbers, treatment details, health insurance and financial information, prescription data, and medical record numbers. The organization discovered this breach months after the initial access and reported no evidence of identity fraud or misuse of the compromised information. In response to both incidents, Legacy Post Acute Care emphasized ongoing efforts to enhance security controls and privacy protections for personal data. Specific details of the security enhancements, however, are not provided in the available summaries.