Arizona-based Valley Anesthesiology and Pain Consultants (VAPC) came to know about the unauthorized access on one of its computer systems. The incident has potentially caused the information exposure of 882,590 patients.
Affected information included patient names, their providers’ names, dates of service, places of treatment, names of health insurers, insurance identification numbers, diagnosis and treatment codes, and Social Security numbers in a few cases.
Other information which got exposed include credentialing information, such as names, dates of birth, social security numbers, professional license numbers, Drug Enforcement Agency (DEA) numbers, National Provider Identifiers (NPIs), as well as bank account information and potentially other financial information.
For few employee, information exposed includes names, dates of birth, addresses, Social Security numbers, bank account information and financial information, such as tax information.
“VAPC recognizes the importance of protecting the privacy and security of personal information, and regrets any inconvenience or concern this incident may cause,” VAPC said in a statement. “In addition to security safeguards already in place, VAPC is taking steps to enhance the security of its computer systems in order to prevent this type of incident from occurring again in the future. These steps include reviewing its security processes, strengthening its network firewalls, and continuing to incorporate best practices in IT security.”
Free credit monitoring and identity protection services will be provided to patients whose Social Security numbers or Medicare numbers are affected. VPAC believes that information is not being misused. Call centre is also setup to resolve queries.
Examples of similar data breaches include:
Cloning of Credit or debit cards
An employee with legitimate access to data intentionally breaches information
Sensitive documents are lost, discarded or stolen
Portable storage device is stolen, lost, discarded or stolen
Sensitive information is posted publicly on a website by mistake
According to the website:
The business affairs of Valley Anesthesiology and Pain Consultants are managed by a board of directors, comprised of its four elected officers, elected representatives of its five Divisions: Barrow Neurological Institute, Downtown, Scottsdale North, Scottsdale Osborn, West Valley, and up to two members at-large.
Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.