HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

16K ENT and Allergy Center Patients Affected by Bizmatics Breach

ENT and Allergy Care, P.A. has announced that its patients have been affected by the data breach at Bizmatics.

In early 2015, the server used to host the Bizmatics PrognoCIS tool was hacked. Access to the server was gained and data stored on the server were potentially accessed. In December, 2015., the intrusion was detected and access to the server was rapidly shut down.

Bizmatics started investigating the cyberattack and enlisted the services of an external computer forensics company. Law enforcement was also notified on the security breach.

Bizmatics notified ENT and Allergy Care of the security breach by mail in January 2016; however, at the time it was not possible to tell whether ENT and Allergy Care patients had been affected. The Bizmatics investigation continued, and in April 2016 ENT and Allergy Care was notified that “at least some” data stored in the PrognoCIS tool had been accessed and possibly copied. Bizmatics was unable to determine exactly which patients’ data were accessed.

Please see the HIPAA Journal Privacy Policy

The data stored in the PrognoCIS tool included patients’ names, addresses, and information recorded by ENT and Allergy Care during health visits. Social Security numbers were also exposed, although all but the last four digits of the SSNs are understood to have been encrypted. Financial information, including credit and debit card numbers, were not exposed as these data were stored in a separate system unrelated to Bizmatics.

Bizmatics has taken a number of steps to increase security to prevent similar intrusions from occurring in the future. ENT and Allergy Care has also taken steps to improve data security. To protect patients from financial loss and harm, all affected individuals have been offered twelve months of credit, fraud, and identity theft protection services without charge.

The breach notice posted on the ENT and Allergy Care website is dated May 31, 2016. Patients were notified of the breach by mail in early June. Neither Bizmatics nor ENT and Allergy Care have received any reports to suggest patient data have been used inappropriately, although all affected individuals have been advised to exercise caution and check their financial accounts, credit files, and Explanation of Benefit forms carefully.

The incident has recently been added to the Department of Health and Human Services’ Office for Civil Rights breach portal. The report indicates 16,200 patients potentially had their protected health information exposed.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.