"GuardDog admits that, since it began operating as a company in 2024, its goal was to provide chronic care management ("CCM") and remote patient monitoring ("RPM") for patients, but that did not happen. For the duration of its existence, its business instead focused on requesting, reviewing, and summarizing medical records, and providing those medical records to law firms."
"The company allegedly "exploited systems" that share patient medical records across healthcare providers. Epic asserts that GuardDog Telehealth, Health Gorilla and other companies utilized "sham healthcare providers" to request records."
"Health Gorilla requested records "under the pretext of providing treatment to shared UPMC patients" and asserting "it had permission to do so." The breach potentially compromised patient information across multiple healthcare entities."
GuardDog Telehealth admitted in legal filings that it falsely claimed to need patient medical records for treatment purposes while actually selling the sensitive information to law firms. The company exploited systems designed to share records across healthcare providers, utilizing sham healthcare providers to request data. Since its 2024 inception, GuardDog's actual business focused on requesting, reviewing, and summarizing medical records for attorney clients rather than providing chronic care management and remote patient monitoring services. Health Gorilla engaged in similar practices, requesting records from healthcare entities like UPMC under false treatment pretenses. The breach has affected multiple healthcare organizations and patients, with ongoing litigation against the defendants.
#healthcare-data-privacy-breach #patient-medical-records-misuse #telehealth-fraud #legal-liability #data-security-violation
Read at Securitymagazine
Unable to calculate read time
Collection
[
|
...
]