Parker-Hannifin, a motion and control technology manufacturer, has reported a data breach affecting about 120,000 people to HHS, the largest HIPAA breach reported about a health plan on the HHS Office for Civil Rights portal in 2022.
In a public statement May 13, Mayfield Heights, Ohio-based Parker said an investigation into the breach found that an unauthorized third party gained access to and may have acquired "certain files" on the company's IT systems between March 11-14.
On March 31, the Conti ransomware group claimed it was responsible for the attack, according to GovInfoSecurity.
Parker said affected files might include information related to current and former employees, their dependents and members of Parker's group health plans, including plans sponsored by a company acquired by Parker.
Potentially affected information includes names, Social Security numbers, dates of birth, addresses, driver's license numbers, U.S. passport numbers, financial and banking account information, online account usernames/passwords, health insurance plan member ID numbers, and dates of coverage.
For some individuals, the information also included dates of coverage, dates of service, provider names, claims information, and medical and clinical treatment information.
In a March 14 filing with the Securities and Exchange Commission, Parker said that after it detected the breach, the company activated its incident response protocols, which include closing certain systems and an investigation of the incident.