The San Antonio, Advanced Spine and Pain Center (ASPC) alerted patients to a possible breach and illegal use of their PHI. Possibly, up to 8,362 sick persons have been impacted by the case.
ASPC became conscious of a possible breach of ePHI on 07/31/2017 when some patients informed receiving a phone call demanding payment for an unpaid bill was needed. An inquiry was started to decide whether ASPC systems had been penetrated.
That inquiry discovered illegal people had accessed to an ASPC server. Illegal access happened although extensive defenses had been set up, including network filtering, firewalls, password safety, security checking, and antivirus software.
Although illegal access was verified, it was not clear whether any confidential information was retrieved by those people. It was also impossible to decide whether the phone calls received by a few patients were associated with the safety breach.
Since it’s probable that ePHI of patients was seen or gotten by illegal people, ASPC has provided all impacted patients’ identity thievery protection facilities as well as coverage with a $1,000,000 insurance repayment plan. A complete network scan has been carried out and measures have been taken to make sure the network is safe. Latest checking of the network hasn’t disclosed any proof of constant illegal access, and the breach is thought to have been controlled.
An examination of the undermined server has revealed the following PHI might have been viewed: Names, telephone numbers, addresses, Social Security numbers, state and zip codes, medical records, birth dates, billing information, x-ray images and lab test results, insurance information, scheduling notes, ID numbers, CPT codes, group numbers, and patients’ gender. No credit/debit cards or payment information were undermined.
The case has been reported to police and the Division of Health and Human Services’ OCR has been informed.