95K More Patients Discovered to Have Been Impacted by Bizmatics Data Breach

The Office for Civil Rights has received two further breach reports from healthcare providers impacted by the Bizmatics data breach. Almost 95,000 patients of the two healthcare facilities have potentially had their data accessed by hackers.

Southeast Eye Institute P.A, doing business as Eye Associates of Pinellas, has notified 87,314 patients of the breach, while Lafayette Pain Care, PC., has potentially had the data of 7,500 individuals scanned by hackers.

Eye Associates of Pinellas was notified by Bizmatics on March 30, 2016., that some of its patients’ data were accessed by unauthorized third parties. The data potentially viewed include patients’ names, telephone numbers, home addresses, dates of birth, health insurance information, and Social Security numbers.  Patients affected by the breach had visited Eye Associates of Pinellas prior to November 15, 2015.

According to the breach notice posted by Eye Associates of Pinellas, Bizmatics had segregated data to improve security, but the company was unable to determine if the separated data fields had been matched by the attackers. Bizmatics was unable to confirm to Eye Associates of Pinellas which patients had potentially been impacted by the breach, requiring notifications to be issued to all 87,314 patients potentially impacted. Identity theft protection services are being offered to affected patients without charge. Eye Associates of Pinellas also said that it is no longer using Bizmatics practice management software.

Lafayette Pain Care was informed by Bizmatics that it had been affected by the security breach and hackers had probed the server on which the patients’ data were stored. Lafayette Pain Care had issued a statement saying the investigation into the breach suggests that Lafayette’s data were not in fact compromised or obtained by hackers.

However, all affected patients have still been notified of the breach and have been offered credit monitoring services as a precaution. Chief operating officer, Dale Krynak, said he was assured by Bizmatics that the company will continue to perform regular scans for external vulnerabilities and malware, and that the company’s systems and protections have been upgraded following the security breach to prevent future breaches.

Bizmatics provides medical practice software to more than 15,000 practices, although it is still unclear exactly how many companies have been affected. Healthcare providers that have already announced that their patients were impacted by the security breach include Complete Family Foot Care (NE), Pain Treatment Centers of America (AR), Interventional Surgery Institute (AR), and Illinois Valley Podiatry Group (IL).

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.