Dragonfly Health Files Notice of Data Breach with Federal Regulators

[swidup]

https://www.jdsupra.com/legalnews/dragonfly-health-files-notice-of-data-3024890/

"On December 27, 2024, Dragonfly Health filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights (“HHS-OCR”) after discovering that confidential information that had been entrusted to the company was subject to unauthorized access. In this notice, Dragonfly Health explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information. Upon completing its investigation, Dragonfly Health began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

The Dragonfly Health data breach was only recently announced, and more information is expected in the near future. However, at this early point, Dragonfly Health does not appear to have issued a press release or posted a notice on its website discussing the incident. Additionally, the company’s filing with the U.S. Department of Health and Human Services Office for Civil Rights provides only limited information on what led up to the breach.

Based on the available information, we know that the Dragonfly Health data breach involved a “Hacking / IT Incident” of an email server. However, absent additional information, we do not know for certain that Dragonfly Health’s systems were compromised, as the company could be reporting a third-party breach targeting one of the company’s vendors."