Data Breach at Health Consultant Exposes Personal Info of Long-Term Residents
Fundamental Administrative Services suffered a data security event that may have exposed the personal data of some of its long-term care residents, the health consultant announced on Friday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The Maryland-based health care consultant noticed suspicious activity on its computer network around Jan. 20. "In response, Fundamental quickly worked to secure all systems and began an investigation to determine the full nature and scope of the activity." It added, "The investigation determined that between October 27, 2024, and January 13, 2025, an unauthorized actor copied certain files" from Fundamental's computer network."
The company then initiated an internal review to determine whose information was impacted, and is "providing appropriate notification via written letter to the individuals for whom it identified current contact information." The release did not say how many people were impacted in the incident, or when notification letters were sent.
However, Fundamental determined that data involved in the event included Social Security numbers, driver's license or state identification numbers, financial account information, medical treatment information, health insurance policy numbers and Medicare or Medicaid plan names.
After "discovering the incident, [Fundamental] ... took steps to further increase the security of its systems and investigate the nature and scope of the incident," the company said.
A document on the company's website -- last updated in March 2025 -- contained the same information as Friday's press release, as well as resources for impacted individuals.