Connexin Software Inc., which provides electronic medical records and practice management software (Office Practicum) to pediatric physician practice groups has recently confirmed that it was the victim of a cyberattack in which an unauthorized third party gained access to its internal computer network.
While the electronic medical record system was not accessed in the attack, and none of its client databases, systems, or medical records were accessed, the threat actors did access parts of its network that contained the protected health information of patients of its clients. The substitute breach notice indicates 119 pediatric healthcare providers were affected by the breach.
Connexin Software reported the breach to the HHS’ Office for Civil Rights as affecting 2,216,365 million patients. At least one healthcare provider client has reported the breach (Forest Hill Pediatrics – 4,958 records), so the breach total may well be higher if other providers have also chosen to report the breach separately.
Connexin Software said a data anomaly was detected within its network on August 26, 2022, which prompted an immediate investigation into the suspicious activity. A third-party forensics company was engaged to assist with the investigation and determine the nature and scope of the incident. Connexin Software learned on September 13, 2022, that an unauthorized third party has accessed its network, which included an offline set of patient data that had been created for data conversion and troubleshooting. Some of that data was exfiltrated in the attack, although at the time of issuing notifications, no misuse of that data had been identified.
When the breach was detected, a password reset was performed for all corporate accounts. The offline data that was used for data conversion and troubleshooting has now been moved to a different part of the network that has greater security. Security and monitoring have also been stepped up to prevent similar breaches in the future.
Children’s protected health information is especially valuable to cybercriminals, as it can often be misused for long periods of time before that misuse is detected. Victims of this breach have been advised to closely monitor credit reports and statements from providers for signs of misuse. In cases where a child’s Social Security number was exposed or stolen, child identity monitoring services have been offered for 12 months.
Information compromised included patient names, guarantor names, parent/guardian names, addresses, email addresses, birth dates, Social Security Numbers, health insurance information, dates of service, location, services requested or procedures performed, diagnoses, prescription information, physician names, medical record numbers, and billing and claims information.
Practices confirmed as being affected by the breach are detailed in the table below.
| ABC Pediatrics Practice, PC | Discovery Pediatrics, Inc. | Honeygo Pediatrics, LLC | Orland Children’s Center, Inc. | Ruth Agwuna, M.D. |
| Academy Pediatrics, PA | Dr. Michael J Ulich Pediatrics, LLC | Jackson Pediatric Associates, PA | Passaic Pediatrics II, PA | Samuel R Williams, M.D., PA |
| Advanced Care Pediatric Centre, PLLC | Drexel Hill Pediatric Associates, PC | Jaleh Niazi, M.D., PC d/b/a New Day Pediatrics | Pediatric Associates, PSC | San Marino Pediatric Associates |
| Alice Tanner, M.D., PC | Eastern Carolina Pediatrics, PA | James A. Weidman, AMC | Pediatric Associates of Lawrenceville, LLC | SchoolCare, Inc. f/k/a CareDox, Inc. |
| All Star Pediatrics, LLC | Eastern Shore Children’s Clinic, PC | Jose F. Alvarado & Associates, PA | Pediatric Care Center No. 2, Inc. | SCS LLC d/b/a Bayshore Pediatrics |
| Angel Kids Pediatrics | Ekta Khurana, M.D., PLLC | Kate Bowers, M.D., PLLC d/b/a Firefly Pediatrics | Pediatric Center for Wellness, PC | Sistema Infantil Teleton USA, Inc. a/k/a CRITS |
| Arlington Pediatric Partners, PLLC d/b/a Kids Docs Pediatrics | Emily B. Vigour, M.D., LLC d/b/a Vigour Pediatrics | Kerrville Pediatrics, PLLC | Pediatric Health Center of El Paso | South River Pediatrics, LLC |
| Ascension Medical Group f/k/a Pediatric Associates, PA | Ennis Pediatric and Adolescent Health Care, PA | Kids First Pediatric Care, PA | Pediatric Healthcare Associates of McKinney | Springfield Medical, LLC |
| August Pediatrics, PA | Forest Hill Pediatrics, LLC MD | Kids Kare Pediatrics, PLLC | Pediatric Medicine of Cartersville, PC | Sumter Pediatrics, LLC |
| Austex Pediatrics, PA | Fox Pediatrics, PLLC | Kids World Pediatrics, LLC | Pediatric MultiCare West, LLC | Texoma Pediatrics, PLLC |
| Bristow Pediatrics, PLLC | Fraser-Branche Medical, PLLC | Kidswood Pediatrics, Inc. | Pediatric Physicians of Reston, PC | The Pediatric & Adolescent Clinic, Inc. |
| Cecilia A Nwankwo, M.D. FAAP, PC | Gaurang Patel, M.D., LLC | Kidzcare Pediatrics, PC | Pediatrics East, PC | The Pediatric Center of Frederick, LLC |
| Carolina Pediatrics and Adolescent Care, PA | Gold Pediatrics, PA | KION Pediatrics, PLLC | Peds First Pediatrics | Thomasville-Archedale Pediatrics, PLLC |
| Casey Thomas Mulcihy Austin Texas, PA | Goldsboro Pediatrics, PA | Kressly Pediatrics, PC | Pensacola Pediatrics PA | Thompson River Pediatrics and Urgent Care, LLC |
| Central Coast Pediatrics, Inc. | Goodlettsville Pediatrics, PC | Lilac City Pediatrics, PA | Petoskey Pediatrics PC | Valley Children’s Medical Group |
| Children’s Clinic, Ltd. | Graham Pediatrics of Woodstock, LLC | Madison Pediatric Associates, PC | Phillips Pediatrics, PC | Virginia Pediatric Group, Ltd. |
| Children’s Health Center of Columbus, Inc. | Great Bend Children’s Clinic, PA | Maria Luisa Lira, M.D., PA | Premiere Pediatrics, PLLC | Watch Us Grow Pediatrics, PC |
| Children’s Health of Ocala, PA | Harbor Pediatrics, PS | Mariano D. Cibran, M.D., Inc. d/b/a St. Petersburg Pediatrics | QC Kidz Pediatrics, PLLC | We Care Pediatrics, PC |
| Children’s Mercy – Pediatric Partners, Inc. | Hatboro Pediatrics, PC | Maryland Pediatric Care, LLC | Rachel Z. Chatters, M.D., Inc | Wee Tots Pediatrics, PA |
| Children’s Mercy – Shawnee Mission Pediatrics | Hawthorne Pediatrics, LLC | Maryvale Pediatric Specialists, LLC | Raleigh Group, PC | Westview Pediatric Care, LLC |
| Children’s Pediatric Center Northside, LLC | Hebron Pediatrics, LLC | Mayura Madani, M.D., PLLC | Rankin Children’s Group, PLLC | Winsted Pediatrics |
| Community Pediatrics, SC | Heights Pediatrics, PC | McComb Children’s Clinic, Ltd. | Raza Ali, MD, PC | Yazji Pediatrics |
| Cordova Pediatrics, PLLC | Helena Pediatric Clinic, PC | Northeast Pediatric Night Clinic, Inc. | Reading Pediatrics, Inc. | Zero Pediatrics, PLLC |
| Crockett Kids Pediatrics, PC | Holmdel Pediatrics, LLC | Oregon City Pediatrics | Renaissance Pediatrics, P.C. |
The post 119 Pediatric Practices Affected by Breach at EHR Vendor – 2.2 Million Patients Affected appeared first on HIPAA Journal.