Healthcare organization, Vincent Vein Center has notified patients of a potential healthcare data breach. The incident was result of the hacking incident at Bizmatics, a vendor who manages EHR for Vincent. Colorado-based phlebology office of the facility mentioned that some of its EHR files were accessed by the outside entity. Unauthorized access was related to PrognoCIS system, a practice management and EHR system serviced by Bizmatics.
The number of affected individuals stands at 2,250 according to the OCR data breach tool. Affected information included names, addresses, health insurance information, health visit and treatment information, and other identifying data, such as Social Security numbers.The PrognoCIS system use to store complete patient files.
Bizmatics mentioned that there has been no indication that Vincent Vein Center’s files were accessed or obtained by the outside party. Also, there are no available reports of information published online.
As per Bizmatics, “cybersecurity firm is hired to investigate the incident. It found out that that cybercriminals had installed malware on its systems to capture user credentials. Affected individuals are contacted about the possible data breach. Also, the facility has established a toll-free number to answer any questions which included identity theft protection resources for patients.”
As noted in Bizmatics’ letter, we have no reason to believe that our patient files were the target of the hackers’ attack on Bizmatics. VVC is examining Bizmatics’ practices and determining whether a continued relationship with Bizmatics is appropriate. VVC will make every attempt to prevent further breaches.
“We sincerely regret that this incident has occurred and thank you for your understanding.”
Alertsec is used by organizations that have recognized the need to protect their information Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Check Point Full Disk Encryption.