A Pennsylvania-based healthcare facility suffered potential data breach when unauthorized users hacked into its EHR system. The system was managed by Bizmatics. The incident has potentially affected around 19,776 individuals as per the Office of Civil Rights (OCR).
Bizmatics found out that an outside entity accessed its systems, which resulted some patient files to be exposed. Affected information includes names, addresses, Social Security numbers, and healthcare visit information.
Bizmatics did not specify if patient records from Integrated Health Solutions PC were accessed during the hacking incident. To be on safer side, healthcare has taken measures to strengthen healthcare data security policies.
“Integrated Health Solutions, values your privacy and deeply regrets that this incident occurred and is working closely with its advisors and Bizmatics to ensure the incident is properly addressed, including, a review of our data security measures in order to help prevent a recurrence of such an attack,” reported the statement. “We have also contacted relevant state and federal authorities regarding this issue.”
It had informed several other organizations of potential healthcare data breaches that left EHR files exposed to outside entities. Bizmatics also suffered data breach early this year.
One example includes that of Florida-based Southeast Eye Institute, PA. It notified 87,314 individuals due to hacking incident which was managed by Bizmatics. Another example involved 19,937 patients at the Pain Treatments Center of America (PTCOA) and Interventional Surgery Institute (ISI) in Arkansas which was affected by data breach.
“We have no reason to believe that our patient files were the target of the hackers’ attack on Bizmatics,” wrote PTCOA and ISI. “Due to the nature of the attack, Bizmatics cannot say for certain that PTCOA’s patient files were among the data that was accessed or acquired by the hacker.”
————————————————————————————————————————————————————–
Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.