Texas Patients Now Apprised of 2015 CoPilot Data Breach

Patients of a Texas orthopedic clinic are now finding out that a few of their PHI was disclosed in a 2015 CoPilot data breach.

During October 2015, a site supported by CoPilot Provider Support Services was accessed by an illegal person. That person gained entrance to, as well as downloaded, the PHI of over 220,000 patients. The site was utilized by providers to find out whether 2 medicines – MONOVISC® and ORTHOVISC®– were protected by the patients’ health cover.

CoPilot learned its website had been infringed on December 23, 2015, and started an inquiry. The person who retrieved the data was known and the problem was informed to police. No info was thought to have been available to the general public.

Although the case was settled, CoPilot deferred issuing breach notices until January 2017. That postponement led to a $130,000 fine from the New York Attorney General in June 2017.

It has been 2 years since the breach, and 8 months from when notices were announced, however, a few breach victims are just only finding they have been affected. 653 patients of Kraig R. Pepper, D.O., and P.A. were only informed of the breach in late September.

Dr. Pepper didn’t become conscious of the breach until July 31, 2017, when he found out a few of his patients’ data had been disclosed in the 2015 CoPilot data breach. The infringed information didn’t contain any health files, test results, or X-rays possessed by Dr. Pepper, just info that was delivered to DePuy Mitek, Inc., the firm from which the medicines were bought. The information disclosed to that firm and was open included names, Social Security numbers, addresses, phone numbers, dates of birth, ID numbers, gender, medical insurance information, Group numbers, medicine information, and some medical information.

Although there has been a substantial delay in getting notice, impacted patients have been provided identity thievery protection facilities free of charge for 12 months.