48,000 Patients of Frisco Medical Center Notified of Breach of Payment Information

Baylor Scott & White Medical Center in Frisco, TX, has discovered the payment information of almost 48,000 patients and guarantors may have been compromised.

The medical center, which is jointly managed by United Surgical Partners International (USPI) and Baylor Scott & White Health, discovered an issue with the credit card processing system of one of its vendors. The investigation revealed there had been a week-long computer intrusion between September 22 and September 29. Upon discovery of the issue, the medical center informed the vendor and stopped all credit card processing through the vendor’s system.

Baylor Scott & White Health did not uncover evidence to suggest any patient/guarantor information had been further disclosed or misused; however, as a precaution, all individuals affected by the incident have been offered one year of complimentary credit monitoring services through TransUnion Interactive.

The security breach was limited to the third-party vendor’s system. Hospital information and clinical systems remained secure at all times. No health information or Social Security numbers were exposed. Only the Frisco medical center was affected by the breach.

The information that was exposed and potentially accessed by an unauthorized individual was limited to: Names, addresses, dates of service, medical record numbers, health insurance provider information, account numbers, the last four digits of credit card numbers, CCV numbers, type of credit card used, recurring payment dates, account balances, invoice numbers, and transaction statuses.

All individuals affected by the breach have been notified by mail. The data security incident was reported to the Department of Health and Human Services’ Office for Civil Rights on November 26, 2018. The OCR breach portal indicates 47,948 individuals have been affected.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.