Physicians Business Office (PBO), a Parkersburg, WV-based provider of medical practice management and administrative services, has recently disclosed a security incident that occurred in April 2022. PBO detected unusual activity within its network and took immediate steps to isolate the affected systems and prevent further unauthorized access. A third-party computer forensics company was engaged to determine the nature and scope of the breach and assist with the incident response.
The forensic investigation confirmed files were present on the compromised systems that contained the protected health information of certain individuals, including names, home addresses, dates of birth, Social Security numbers, driver’s license numbers, medical treatment and diagnosis information, disability codes, prescription information, and health insurance account information. Those files were potentially accessed and may have been copied from its systems
PBO said the review of the files on its systems took until June 30, 2022, and the affected healthcare provider clients were notified about the breach on July 26, 2022. Consent was then obtained to send notification letters on behalf of the affected healthcare provider clients, and work commenced on obtaining up-to-date contact information for the affected individuals. That process was completed on September 16, 2022, and notification letters were sent shortly thereafter. Affected individuals have been offered complimentary credit and identity monitoring services. PBO said it has now implemented additional security measures to reduce the risk of future breaches.
The data breach has been reported to the HHS’ Office for Civil Rights as affecting up to 196,573 individuals.
Data Breach Affects More than 58,500 Reelfoot Family Walk-In Clinic Patients
Dyersburg Family Walk-In Clinic, doing business as Reelfoot Family Walk-In Clinic in Dyersburg, TN, has recently notified 58,562 patients that some of their protected health information has been acquired by unauthorized individuals who gained access to its computer systems.
Suspicious activity was detected in its computer systems on July 24, 2022, and immediate action was taken to investigate and mitigate the activity. Third-party forensics specialists were engaged to investigate the breach and confirmed that the attackers had access to its systems between July 10, 2022, and August 14, 2022, and during that time certain files were exfiltrated from its systems.
The review of all files potentially accessed was completed on September 16, 2022. Reelfoot said the information that was subjected to unauthorized access included names, Social Security numbers, dates of birth, full home addresses, diagnoses, disability codes, lab results, medications, medical records, other treatment information, driver’s license numbers, financial account information, claims information, patient IDs and other identifiers, and other billings information.
Reelfoot said it is working on improving the security of its systems and will be providing further security awareness training to its workforce. Affected individuals have been offered complimentary credit monitoring services for 12 months.
The post Physicians Business Office Reports Data Breach Affecting 196,573 Individuals appeared first on HIPAA Journal.