Conifer Data Breach Investigation

Conifer Data Breach Investigation

Lowey Dannenberg is investigating claims for violations of the common law, and state consumer protection statutes by Conifer Revenue Cycle Solutions, LLC (“Conifer”), as a result of a data breach compromising 134,948 patient records containing highly sensitive protected health information, including a combination of Social Security numbers, driver’s license/state ID number, financial account information, and medical and/or treatment information.

Conifer, based in Frisco, Texas, provides revenue cycle management and other administrative services to healthcare providers across the country, including Keck Medicine of the University of Southern California (“USC”); San Antonio-based Baptist Health System; Resolute Health Hospital in New Braunfels; The Hospitals of Providence Memorial Campus in El Paso; Valley Baptist Medical Centers in Brownsville and Harlingen; and Brookwood Baptist Medical Center in Birmingham, Alabama.

If you are a patient, received a notice letter, wish to participate, learn more, or discuss the issues surrounding the investigation please fill out the contact form below or please contact one of our attorneys at (215) 399-4782, or via email at

What Happened and What Information Was Involved:

On September 30, 2022, Conifer announced that on April 14, 2022, Conifer learned that an unauthorized third party had gained access to a Microsoft Office 365-hosted business email account. As part of Conifer’s investigation, it learned that the unauthorized party was able to access the business email account at Conifer on January 20, 2022. Conifer’s announcement follows a previous data breach announcement it made in August 2022 concerning certain Texas and Alabama based healthcare providers.

Based on the investigation Conifer determined that personal information associated with certain healthcare providers was in the impacted business email account.  The personal information may have included one or more of the following elements:

  • full name, date of birth, and address;
  • Social Security number, driver’s license/state ID number, and/or financial account information;
  • medical and/or treatment information (such as medical record number, provider name, diagnosis or symptom information, and prescription/medication);
  • health insurance information (such as payor name and subscriber/Medicare/Medicaid number); and
  • billing and claims information.

If you received a data breach notice, or believe your information may have been compromised, you may be entitled to compensation for the disclosure of this highly sensitive protected health information.