Guidehouse, a provider of professional services, learned on March 23, 2021, that it had been the victim of a cyber attack. The attack occurred on January 20, 2021, and involved the compromise of a third-party service used for secure file transfer for clients, including Tower Health.
Guidehouse provides services to Tower Health involving medical claims billing and collection services. Individuals who were inpatients at a Tower Health hospital at any time between January 1, 2020 and December 31, 2020 may have been impacted. This incident did not involve any unauthorized access to or compromise of Guidehouse internal systems or our clients’ systems. We are not aware of any misuse of the information.
Upon learning of the incident, Guidehouse immediately launched an investigation and has since ceased using the third-party service that had been compromised. We have cooperated with federal law enforcement and engaged leading cyber security experts in connection with investigating and responding to the incident. Based on the nature of the incident, it has taken time to accurately determine what data was impacted. After determining Tower Health information was impacted, we notified Tower Health on June 12, 2021.
Through the investigation, it was determined that certain personal information may have been impacted. This information may include name, admission date, date of service, discharge date, medical record number, and diagnosis and procedure codes.
On August 4, 2021, we began providing notice of the incident to impacted Tower Health individuals for whom we had contact information. In response to this incident, we have arranged to offer these individuals with identity protection and credit monitoring services for two years at no cost to the individual through Experian. Individuals seeking additional information regarding this incident can call 877-653-0510 and provide engagement code B106425. Please know that we regret any inconvenience or concern this incident may cause.