Maxim Healthcare Group, November 4, 2021 – Maxim Healthcare Group, including Maxim Healthcare Services and Maxim Healthcare Staffing (collectively “Maxim Healthcare”) is notifying certain individuals of a recent event that may impact the privacy of a limited amount of personal and/or medical information. Maxim Healthcare is unaware of any misuse of individual information and is providing notice to potentially affected individuals Out of an abundance of caution.
On or about December 4, 2020, Maxim Healthcare became aware of unusual activity related to several employees’ email accounts. Maxim Healthcare immediately began to investigate to better understand the nature and scope of this activity. The preliminary investigation revealed that a limited number of employees’ email accounts were accessed without authorization between October 1, 2020 and December 4, 2020. Maxim Healthcare worked with outside forensic specialists to determine the full scope and impact of this event. Unfortunately, the investigation was not able to determine exactly which email messages or attachments may have been accessed or viewed without authorization. In an abundance of caution, a detailed and thorough programmatic and manual review of the contents of the email accounts was performed to determine whether sensitive information was contained in the email messages or attachments at the time of the event. Upon receiving the initial results of the review on August 24, 2021, Maxim Healthcare worked diligently to locate address information for the affected individuals and completed that effort on September 21, 2021.
The types of personal information that may have been accessible to an unauthorized actor include: name, address, date of birth, contact information, medical history, medical condition or treatment information, medical record number, diagnosis code, patient account number, Medicare/Medicaid number, and username/password. For a limited number of individuals, Social Security number may also have been accessible.
Maxim Healthcare takes the security of personal information very seriously. Since discovering this incident, Maxim Healthcare completed an extensive investigation, working with third party specialists to assess the security of relevant systems and reduce the likelihood of a similar future event. As an immediate response, Maxim Healthcare instituted additional security protocols, including implementation of Multi-Factor Authentication for all email accounts and transitioned to a new Security Operations Center with advanced detection and response capabilities. Maxim Healthcare is further committed to integrating additional cybersecurity infrastructure and security measures without negatively impacting the healthcare populations it serves.
On November 4, 2021, Maxim Healthcare began notifying potentially impacted individuals and regulatory authorities, as required. While Maxim Healthcare is unaware of the misuse of any personal information impacted by this event, individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements and explanations of benefits for unusual activity. Any suspicious activity should be reported to the appropriate insurance company, health care provider, or financial institution. Maxim Healthcare is also offering complimentary credit monitoring where required.
Individuals seeking additional information regarding this incident can call Maxim Healthcare’s dedicated, toll-free number at (855) 565-1839, Monday through Friday, 8:00 a.m. to 5:30 p.m., Central Time (excluding some U.S. holidays). Individuals may also write to Maxim Healthcare’s Privacy Officer at 7227 Lee Deforest Drive, Columbia MD 21046 or visit Maxim Healthcare’s website at www.maximhealthcare.com.
Maxim Healthcare is committed to safeguarding personal information and will continue to work to enhance the protections in place to secure the information in its care.