Bizmatics and data breach

June 20th, 2016 by admin Leave a reply »

As per the HIPAA notification letter on the ENT and Allergy Center’s website, yet another medical center suffered potential healthcare data breach due to hacking incident. Affected information included names, addresses, healthcare visit information, and the last four digits of Social Security numbers. The EHR files did not contain credit card numbers or any other financial information.

According to the Office of Civil Rights data breach tool, 16,200 individuals were affected by the healthcare data security incident. Facility mentioned that there EHR vendor’s data servers were attacked by hackers. Servers stored and managed patient files. EHR vendor, Bizmatics discovered the intruder and terminated the access.

Bizmatics mentioned that EHR files may have been viewed or acquired as a result of the possible data breach. It also notified ENT and Allergy Centre but failed to identify which patient files may have been exposed.

Bizmatics reached law enforcement officials and hired a private cybersecurity firm to secure its systems. Investigation is carried by the agency.All affected individuals were notified along with free credit, fraud, and identity-theft monitoring services for a year. A toll-free phone number is also setup to answer questions about the healthcare data security incident. ENT and Allergy Centre mentioned that they are in the process of  implementing safeguards to protect information.

There are several other health care facilities affected by this hacking incident. One example include, Pennsylvania-based Integrated Health Solutions PC incident which affected 19,776 individuals. Also, Southeast Eye Institute PA suffered data breach which affected 87,314 individuals.

According to the ENT and Allergy Center’s website:

We intend to abide by the Final Omnibus Rule of the HIPAA regulations regarding your Protected Health Information, hereafter abbreviated as PHI.  The term PHI refers to your medical records, billing and payment records, your name, address, date of birth, social security number, payment history, the name of your health plan and account number, and other data that identifies you.

We are permitted by law to disclose PHI to you and to anyone who needs it to carry out treatment, payment, or healthcare operations.  We will be required to obtain your signature for authorization to release PHI for most uses unrelated to treatment, payment, and healthcare operations.  We will retain your authorization and provide you a copy if you wish to have it.  PHI will be provided within 30 days of the written request in hard copy form.  Information may be available for transfer onto USB media if the media is provided by the patient.  You may revoke your authorization in writing at any time.

————————————————————————————————————————————————————–

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption software.

Leave a Reply