myNurse, a healthcare startup that provides chronic care management and remote patient monitoring services, said it will shut down at the end of the month after reporting a data breach that exposed personal health information of its users.
The startup, which launched as Salusive Health, said in a data breach notice filed with the California attorney general's office that it discovered a breach on March 7 during which an unauthorized individual accessed the company's protected health data. The data breach notice warned that patients' demographic, health, and financial information was accessed, including names, phone numbers, dates of birth, but also medical histories, diagnoses, treatments, lab test results, prescriptions, and health insurance information.
myNurse said in the data breach notice that its decision to shutter its business "is unrelated to the data security incident," but did not provide a reason for the unexpected shutdown. The company said it began notifying affected patients on April 29, the same date as its data breach notification, more than seven weeks after the breach was discovered.
myNurse co-founder and chief executive Waleed Mohsen provided TechCrunch with a short statement saying the company was considering "how best to adjust our business model amid a changing healthcare landscape," but declined to answer any of our questions about the data breach, including why it took the company seven weeks to notify affected patients or if myNurse had carried out a third-party security audit of its systems prior to the breach.
Mohsen also declined to say how many patients are affected in total. Under the law of California, where myNurse is headquartered, companies must notify the attorney general's office if more than 500 people are affected.