The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Vascular Surgical Associates Hacking Incident Reported

Posted By on Nov 25, 2016

Vascular Surgical Associates – A group of specialty-trained vascular surgeons in Atlanta – has announced that it has been the victim of a hacking incident that has potentially resulted in certain protected health information being viewed by unauthorized individuals.

IT staff noticed unusual activity on one of the company’s servers on or around September 13, 2016. An investigation into the anomaly was launched, which revealed the server had been improperly accessed using login credentials supplied to some of the group’s vendors. Access to patient data was first gained on March 25, 2016 when a software application upgrade was performed.

The investigation did not confirm whether patient health information had been obtained by the hackers, although for more than five months it would have been possible for the login credentials to have been used to view patient data. As soon as IT staff determined the server had been compromised access was immediately terminated. The server is now secure and Vascular Surgical Associates is confident that no further unauthorized access is possible.

It would not have been possible for the intruders to view Social Security numbers or financial data, as that information was stored elsewhere on a part of the network that was not compromised. However, names, addresses, birth dates, demographic data, and medical records were all potentially viewed.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

The investigation did not confirm the identity of the hackers, although evidence was uncovered to suggest the attackers were based in other countries. The login credentials used to gain access to the server were only used by vendors and their staff members. Vascular Surgical Associates is confident that none of its staff members were involved in the breach.

Vascular Surgical Associates has reported to the incident to the appropriate federal and state authorities and investigations will be launched by the FBI and Department of Health and Human Services’ Office for Civil Rights. At present, no announcement has been made about the number of patients that have been impacted by the incident. Affected individuals will be notified of the security breach by mail.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist