CAH Holdings issues notice after employee email accounts compromised

What follows is a somewhat unsatisfactory notice. It does not indicate when the email accounts were compromised. It does not indicate when the firm first discovered it or how they discovered it. It does not indicate how many people are being notified by them. It does not explain to patients why a holdings firm has their information. And it appears that people have to call them to find out if they were impacted? Is the company not mailing any notifications? To say “call us to find out” seems to unfairly shift the responsibility for notification to the patients instead of the firm or any firm they contracted with. But read the notice and see what you think.

BIRMINGHAM, Ala., Nov. 15, 2019 /PRNewswire/ — CAH Holdings Inc. (CAH) recently learned of a data security incident involving some employee email accounts that may have impacted a limited amount of personally identifiable information and protected health information (PHI).

To assist with the investigation, CAH hired independent computer forensic experts to determine what occurred, and what information may be at risk. The forensic investigation determined that an unauthorized actor gained access to some of its corporate email accounts. Unfortunately, the investigators were unable to identify what emails or attachments may have been viewed by the unauthorized actor.

CAH reviewed the contents of the email accounts, and determined that limited information related to names, medical treatment history and diagnoses, and health benefits was contained in the accounts. For a limited number of individuals, addresses, dates of birth, and Social Security numbers were also included.

Although we are not aware of any misuse of any information, as an added precaution, we are offering, at no cost to the individual, credit monitoring and identity theft protection through ID Experts®. This product provides credit monitoring, identity detection, and resolution of identity theft Please note that this offer is available for one-year from the date of enrollment.

CAH has taken steps to prevent this type of incident from happening in the future. These steps include conducting a global password resent, enabling multi-factor authentication, increasing spam filters and hiring a Chief Information Security Officer. We retrained all our employees on cybersecurity and recognizing and responding to suspicious emails. We continually review our training program to ensure it is up to date.

“Our clients’ trust is a top priority for CAH, and we deeply regret any concern this has caused,” said Grantland Rice, CEO of CAH. “The privacy and protection of our customers’ information is a matter we take very seriously, and we are committed to taking steps to prevent this type of incident from occurring in the future.”

We encourage those affected to take full advantage of the services offered through ID Experts®. Recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on a credit file can be found at

To determine whether you were affected by this incident, please call 833-953-1522 between 8:00 a.m. and 5:30 p.m. Central Time Monday to Friday.


About the author: Dissent

Comments are closed.