16K ENT and Allergy Center Patients Affected by Bizmatics Breach
ENT and Allergy Care, P.A. has announced that its patients have been affected by the data breach at Bizmatics.
In early 2015, the server used to host the Bizmatics PrognoCIS tool was hacked. Access to the server was gained and data stored on the server were potentially accessed. In December, 2015., the intrusion was detected and access to the server was rapidly shut down.
Bizmatics started investigating the cyberattack and enlisted the services of an external computer forensics company. Law enforcement was also notified on the security breach.
Bizmatics notified ENT and Allergy Care of the security breach by mail in January 2016; however, at the time it was not possible to tell whether ENT and Allergy Care patients had been affected. The Bizmatics investigation continued, and in April 2016 ENT and Allergy Care was notified that “at least some” data stored in the PrognoCIS tool had been accessed and possibly copied. Bizmatics was unable to determine exactly which patients’ data were accessed.
The data stored in the PrognoCIS tool included patients’ names, addresses, and information recorded by ENT and Allergy Care during health visits. Social Security numbers were also exposed, although all but the last four digits of the SSNs are understood to have been encrypted. Financial information, including credit and debit card numbers, were not exposed as these data were stored in a separate system unrelated to Bizmatics.
Bizmatics has taken a number of steps to increase security to prevent similar intrusions from occurring in the future. ENT and Allergy Care has also taken steps to improve data security. To protect patients from financial loss and harm, all affected individuals have been offered twelve months of credit, fraud, and identity theft protection services without charge.
The breach notice posted on the ENT and Allergy Care website is dated May 31, 2016. Patients were notified of the breach by mail in early June. Neither Bizmatics nor ENT and Allergy Care have received any reports to suggest patient data have been used inappropriately, although all affected individuals have been advised to exercise caution and check their financial accounts, credit files, and Explanation of Benefit forms carefully.
The incident has recently been added to the Department of Health and Human Services’ Office for Civil Rights breach portal. The report indicates 16,200 patients potentially had their protected health information exposed.