On August 9, 2024, the Facial Pain Center (“FPC”) reported a data breach to the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party was able to access certain employee email accounts. In this report, the FPC states that the incident resulted in an unauthorized party being able to access consumers’ confidential information, including their names, demographic information, medical information, health insurance information, and dates of birth. After completing its investigation, the FPC began sending data breach notification letters to all individuals whose information was affected by the recent data breach.
If you have received a data breach notification from Facial Pain Center, it is important that you understand what the risks are and what you can do about them. A data breach attorney can help you learn more about how to protect yourself from fraud or identity theft and discuss your legal options after the Facial Pain Center data breach. For more information, see our recent article on this topic. Here.
What caused the Facial Pain Center data breach?
The Facial Pain Center data breach was only recently disclosed and more information is expected in the near future. However, FPC’s filings with the U.S. Department of Health and Human Services’ Office for Civil Rights contain some important information about what led to the breach. Facial Pain Center also posted a website notice describing the incident and the company’s response.
According to these sources, on January 23, 2024, the Facial Pain Center noticed suspicious activity in several employee email accounts. In response, the FPC secured the affected accounts and subsequently launched an investigation with the help of outside cybersecurity experts.
Through this investigation, FPC was able to determine that an unauthorized party gained access to several employee email accounts between January 11 and January 23, 2024. It was subsequently confirmed that the affected email accounts contained sensitive consumer information.
After learning that sensitive consumer data was accessible to unauthorized parties, Facial Pain Center reviewed the compromised files to determine what information was leaked and which consumers were affected. While the compromised information varies by individual, it may include your name, demographic information, medical information, health insurance information, and date of birth.
On August 9, 2024, the Facial Pain Center reported the data breach to HHS-OCR. Typically, this happens around the time that companies send letters to their victims about the data breach. However, the timeframe for the Facial Pain Center data breach could be different. Regardless, once sent, these letters were supposed to provide victims with a list of the information belonging to them that was compromised.
More information about the Facial Pain Center
Facial Pain Center is a healthcare provider based in Bloomington, Minnesota. FPC specializes in the treatment of temporomandibular joint disorder (“TMD”) and sleep apnea. Facial Pain Center operates eight locations in the Twin Cities, including Blaine, Bloomington, Burnsville, Minnetonka, Roseville, Shakopee, St. Louis Park and Woodbury. Facial Pain Center employs more than 25 people and generates approximately $5 million in annual revenue.
