On August 5, 2022, Atlas MedStaff LLC reported a data breach with a state attorney general’s office, explaining that, as a result of a recent cyberattack, certain consumer data ended up in the hands of hackers. However, because the Atlas breach was only announced very recently, it has not been confirmed which types of data were compromised. However, after confirming the breach and identifying all affected parties, Atlas MedStaff began sending out data breach letters to all affected parties. These notices should provide consumers with the specific data types that were leaked and what they can do to protect themselves from identity theft and other frauds.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Atlas MedStaff data breach, please see our recent piece on the topic here.
What We Know About the Atlas MedStaff Data Breach
The information about the Atlas MedStaff LLC data breach comes from documents filed with the Vermont Attorney General’s Office. According to the most recently available data, on October 21, 2021, Atlas Medstaff experienced a cybersecurity incident that engages the functionality of its computer systems. In response, the company enlisted the assistance of third-party cybersecurity specialists to investigate the incident and determine what, if any, consumer data was leaked as a result.
The company’s investigation confirmed that an unauthorized party gained access to the Atlas computer systems on October 15, 2021, and that this access lasted until the company discovered the access on October 21, 2021. Atlas also learned that the unauthorized party may have stolen data from its systems, although the company could not confirm that to be the case.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, Atlas MedStaff began the process of reviewing all affected files to determine what information was compromised and which consumers were involved by the incident. Atlas completed this review on July 13, 2022.
On August 5, 2022, Atlas MedStaff sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Atlas MedStaff LLC
Founded in 2011, Atlas MedStaff LLC is a healthcare staffing company based in Omaha, Nebraska. More specifically, Atlas is a travel nurse staffing company that nurses and matches them up with providers in other parts of the country. In this way, the company targets young and adventurous nurses who are looking to not only work but also to experience traveling and living in a new area. Atlas MedStaff employs more than 900 people and generates approximately $88 million in annual revenue.
What Can You Do After a Data Breach to Hold a Company Accountable?
The aftermath of a data breach can be incredibly stressful. Learning that a hacker accessed—and may have stolen—your personal information is alarming and certainly is cause for concern. And with the rate of identity theft increasing over the past several years, it is important that data breach victims understand their rights and what their options are after a breach.
As a general rule, any organization that stores consumer or employee data owes the owner of that data a duty to keep it secure. If a company experiences a data breach results in a consumer’s data ending up in the hands of a criminal, the company may be financially responsible for the victim’s damages.
Of course, not every data breach results in a company being held accountable. It is only when a company is negligent in how it handles, stores, or transmits consumer data that it is financially responsible for any resulting harm.
Under existing data breach laws, a company can act negligently regarding consumer information in several different ways. For example, below are some of the ways a company can violate the duty it owes to consumers to protect and safely maintain their information:
An employee at the company doesn’t follow the correct procedures when handling consumer data;
A company fails to implement or maintain an up-to-date data security system;
A company mistakenly sends consumer information to an unauthorized party;
A company mistakenly posts sensitive consumer information such that it is publicly available;
An employee opens an unsolicited email that installs malware on their computer; or
An employee responds to a phishing attack.
These are just a few of the most common examples of negligence; there are many others. And while many common causes of data important related to an employee’s actions, it is to remember that employers are the ones who should be training employees about the risks of cyberattacks.
Data breach victims looking to learn more about their rights, what they can do to protect themselves, or how they can pursue a data breach lawsuit should reach out to an experienced data breach lawyer for assistance.