hacking

Unauthorized access and data breach

May 31st, 2016

The Southeast Eye Institute, PA, or Eye Associates of Pinellas recently suffered a possible healthcare data breach. The incident occurred due to hacking incident.  An unauthorized party accessed patient files which was managed by a third-party vendor.The number of affected patients stands at 87,314 individuals as per Office of Civil Rights (OCR) data breach portal.

“We have learned that Bizmatics became aware of the incident in late 2015, but neither Bizmatics, law enforcement, nor the cyber forensics firm is able to pinpoint the precise date on which the attack began. Bizmatics has communicated to us that it believes the incident began in early 2015.”

Bizmatics Inc, an off-site vendor for Southeast Eye Institute was attacked by hackers. Affected information included names, addresses, telephone numbers, Social Security numbers, dates of birth, and insurance information. The practice reported that medical and financial information was not involved in the event.

Bizmatics Inc mentioned that patient information was segregated into several different files. The purpose was to increase healthcare data security measures. It didn’t mention whether hackers were able to combine all the data. It didn’t confirm the type of patients file which were affected.

Southeast East Institute mentioned that affected patients included who visited the facility an on or before November 16, 2015.

“We have no reason to believe that our patient files were the target of the hackers’ attack on Bizmatics. Due to the nature of the attack, Bizmatics cannot say for certain that PTCOA’s patient files were among the data that was accessed or acquired by the hacker.”

Southeast Eye Institute no longer works with Bizmatics Inc. However, the Bizmatics Inc. contacted the FBI. It also hired a cybersecurity firm to improve its data security measures which includes strengthening firewalls and network configurations.

————————————————————————————————————————————————————-

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption software.

Hacking incident and data breach

May 24th, 2016

Indiana-based Lafayette Pain Care PC recently suffered probable data breach after an outside entity accessed some patients EHR data. According to the OCR data breach portal, around 7,500 individuals were affected by the possible PHI breach.

As per the statement, “Lafayette Pain Care’s EHR management vendor experienced a hacking incident that could have resulted in some patient files being exposed to intruders. The potential healthcare data breach affected multiple EHR systems across the country, confirmed the statement.”

“All this said, our electronic medical records provider has informed us that it is not aware of any evidence that our patient records were in fact accessed or acquired by any unauthorized persons,” as per the website.

Lafayette Pain Care has notified affected individuals and has asked patients to monitor their credit accounts. It also advised to report any suspicious or inappropriate activity. It has also offered free credit monitoring services to affected and verified patients.

“We do recommend that our patients check with their local credit bureau or credit monitoring agency (such as TransUnion, Experian, or Equifax) for any unauthorized activity with their credit or identity. Patients can also utilize the site www.annualcreditreport.com to review their credit report annually.”

“If any unauthorized activity is noted, it should be reported appropriately. We recommend that all persons receiving medical or surgical care, regularly review their Explanation of Benefits forms to confirm the accuracy of included listed services.”

According to the statement:

Lafayette Pain Care is pleased to welcome new patients to our practice. As a valued customer of our practice, we maintain complete records on you to ensure that we can always communicate with you promptly, treat you in the most appropriate and effective manner, coordinate with your other doctors where needed, and ensure your care is paid for by insurance or other means.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

A medical group suffers data breach

May 13th, 2016

Hacking incident may have affected medical group in Texas. The incident may have exposed patient and employee information. According to the reports, approximately 50,000 individuals were affected by the healthcare data security breach at the Medical Colleagues of Texas, LLP. Affected information included employee and patient information, such as names, addresses, Social Security numbers, and health insurance information.

“It’s a lot of records,” stated Dallas attorney Lindsay B. Nickle, who signifies the audience, Medical Co-workers of Texas.

According to the statement,

‘We sincerely regret any inconvenience or concern this matter may cause and remain dedicated to protecting patients’ information.’

The Medical Colleagues of Texas, LLP mentioned that it discovered an outside element accessing its computer network. The relevant network stored EHR and personnel data. After it came to know about the breach, the healthcare system conducted an internal investigation. It also hired an independent forensic expert  who will examine and secure the network.

“We do not know who, we do not know where,” she stated. “We simply realize that online hackers experienced the network.”

The healthcare system has notified affected individuals  through mail. It also established a call center to address any questions or concerns. Free credit monitoring services for impacted patients are created.

“In addition, since this event was discovered, we have taken steps to prevent this type of event from happening again, including updating our computer network, strengthening our firewalls, and implementing two factor authorization measures for remote access,” explained Medical Colleagues of Texas, LLP in the notice. “We are also providing additional training and strengthening our policies and procedures in regards to the protection of sensitive personal information.”

“Medical Colleagues of Texas takes the privacy and security of protected information very seriously, and although we are not aware of the misuse of any information”

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Hacking Incident and Data Breach

April 22nd, 2016

The Pain Treatment Centers of America (PTCOA) and Interventional Surgery Institute (ISI), a healthcare network in Arkansas suffered a potential data breach. The incident came to notice when  a vendor mentioned about hacking incident. According to OCR’s Tool, 19,397 individuals were possibly affected by the data security incident.

PTCOA and ISI mentioned that EHR and healthcare practice management tool operated by Bizmatics, a third-party vendor is used by them to manage patient files and contains the medical records of all its patients.

According to the PTCOA notice,“Your patient information is important to us, and we select vendors to help us better manage and secure that information. As such, security is the number one priority for our technology vendors, including Bizmatics.”

Unauthorized outside party accessed Bizmatics data server which stored customer records. Bizmatics collaborated with law enforcement officials and a cyber forensics firm to investigate the the incident. After the audit, Bizmatics mentioned the affected systems are secured.

“We have no reason to believe that our patient files were the target of the hackers’ attack on Bizmatics,” wrote PTCOA and ISI. “Due to the nature of the attack, Bizmatics cannot say for certain that PTCOA’s patient files were among the data that was accessed or acquired by the hacker.”

PTCOA also mentioned following in the statement,

“We are taking this issue seriously and have retained Experian, an industry leader in credit monitoring and identity theft recovery, to help patients monitor this situation in the coming months. We are offering a complimentary one-year membership of Experian’s® ProtectMyID® Alert. “

PTCOA advice following steps to the users –

  • Review your account statements and credit reports and notify law enforcement and us of suspicious activity
  • Consider placing a fraud alert or a security freeze on your credit files
  • Protect your Passwords
  • Fight “phishing” – don’t take the bait

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.