Stamford Podiatry Group P.C. is sending breach notification letters to 40,491 patients to advise them that their protected health information may have been accessed by a hacker who gained access its electronic health record (EHR) database on February 22, 2016.
The inappropriate accessing of the podiatry groups’ systems was discovered on April 14, 2016., and access was terminated. During the time that the attacker had access to the podiatry group’s systems, protected health information may have been viewed and/or copied.
The data elements that were potentially accessed include names, addresses, dates of birth, telephone numbers, email addresses, health insurance information, health data, names of referring and treating physicians, medical histories, medical diagnoses and treatments, and patients’ gender and marital status.
In order to determine the extent of the breach and the systems that had been accessed, Stamford Podiatry Group enlisted the help of a third party computer forensics company. The company conducted an investigation into the security breach and ensured that access was terminated.
The investigation did not uncover evidence to suggest that data were viewed or copied, but Stamford Podiatry Group was unable to rule out the possibility.
Patients have been advised to monitor their accounts and check explanation of benefits statements carefully for any sign of fraudulent activity. All affected patients have also been offered a year of complimentary credit monitoring and protection services through Equifax. Patients will also be protected by an identity theft insurance policy.
The EHR hack has been reported to law enforcement and breach notices have been issued to the appropriate state and federal agencies, including the Department of Health and Human Services’ Office for Civil Rights.
In order to improve security and prevent future data breaches from occurring, Stamford Podiatry Group has retained the services of the cybersecurity company used to investigate the breach and will be provided with ongoing cybersecurity assistance.