Skip to main content

Notice of a Data Incident

By May 1, 2024May 17th, 2024Notices

This Notice of Data Incident is posted on behalf of AdaptHealth and the health care provider entities it owns or controls that are part of the AdaptHealth HIPAA Affiliated Covered Entity, a list of which is available at here.

On December 21, 2023, AdaptHealth was informed by one of our vendors, Philips Respironics (“Philips”), that an unknown, unauthorized party gained access to a software called MOVEit that Phillips uses to exchange files. According to Phillips, on May 31, 2023, the unauthorized party may have accessed certain files that Phillips transferred through MOVEit, including files that Phillips had obtained from us.

Upon initially learning about the issue, we worked diligently to get more information from Phillips and understand what data was contained in the files involved in the incident. Through this process, we learned that the files contained certain of our patients’ names, coupled with their contact information, dates of birth, certain medical information (relating to sleep and respiratory care), and health insurance information. According to Phillips, neither Social Security numbers, nor any financial information was involved in the incident.

Based on this information, we worked with Phillips to notify patients whose information was involved in the incident. On February 26, 2024, Philips began notifying all such individuals for whom we had current contact information. These individuals should refer to the notice they have or will receive in the mail regarding steps they can take to protect themselves. As described in those letters, Phillips has arranged for complimentary identity theft protection services for involved individuals. Individuals who did not receive notification but believe their information may have been affected can call 888-541-7970, Monday through Friday, 9:00 AM to 9:00 PM Eastern Time.

As a precautionary measure, AdapthHealth recommends that all people remain vigilant to protect against potential fraud and/or identity theft by, among other things, reviewing their account statements, monitoring their credit reports closely, and notifying their financial institutions if unusual activity is detected. They should also promptly report any fraudulent activity or suspected identity theft to proper law enforcement authorities, including the police and their state’s attorney general. Individuals may also wish to review the tips provided by the Federal Trade Commission (“FTC”) on fraud alerts, security/credit freezes and steps that they can take to avoid identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT (1-877-438-4338). Individuals may also contact the FTC at: Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.

AdaptHealth takes the security of individuals’ personal information very seriously and apologizes for any inconvenience at our vendor that this incident might cause.