Dedicated to providing the latest
HIPAA compliance news

Valley Anesthesiology and Pain Consultants Reports 882,590-Record Data Breach

Share this article on:

A potential breach of protected health information has been uncovered by Phoenix, AZ-based Valley Anesthesiology and Pain Consultants (VAPC). The records of 882,590 current and former patients and employees were potentially accessed by an unauthorized individual between March 30 and June 13, 2016.

Upon discovery of the intrusion, VAPC reported the incident to law enforcement and hired a leading computer forensics firm to conduct a full investigation. While it was confirmed that an individual had gained access to a system containing PHI, no evidence was uncovered to suggest that PHI had actually been accessed or copied. However, it was not possible to rule out the possibility that sensitive data were viewed. No reports of unauthorized data use have been received by VAPC at this moment in time.

The breached system contained a wide range of sensitive information on providers, patients, and employees. Patients affected by the security breach have had their names, dates of service, health insurer name and ID number, diagnosis and treatment codes, and treatment locations exposed. In some cases, Social Security and Medicare numbers were also exposed.

Employees affected by the breach have had their name, address, date of birth, Social Security number, bank account information, tax information, and financial information exposed. The system also stored information on providers, including names, dates of birth, credentialing information, Drug Enforcement Agency (DEA) numbers, professional license numbers, National Provider Identifiers (NPIs), tax information, bank account information, and other financial data.

All individuals affected by the breach are being notified of the security incident by mail. Individuals that have had their Social Security or Medicare number exposed are being offered 12 months of credit monitoring and identity theft protection services without charge. VAPC has already taken action to prevent future breaches, including revising its security processes and strengthening its network firewalls.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On