Fast Track Urgent Care Confirms 258,411 Individuals Affected by 2021 PracticeMax Ransomware Attack

Fast Track Urgent Care, a network of urgent healthcare clinics in Florida, has confirmed that 258,411 individuals have had their protected health information exposed and potentially stolen in a ransomware attack on billing and practice management vendor, PracticeMax.

PracticeMax said it identified suspicious activity within its network on May 1, 2021, and confirmed that ransomware was installed on its network. The billing vendor was able to recover the data on its system on May 6, 2021, with the investigation into the breach confirming that its systems had been compromised between April 17 and May 5, 2021. A server used by PracticeMax and several email accounts were affected and data on its systems was encrypted.

The breach affected several of its healthcare clients, including Anthem Inc and Humana. The two health insurance firms confirmed they had been affected in late February 2022, with PracticeMax publicly reporting the breach in the fall of 2021. Fast Track Urgent Care said it was first notified about the ransomware attack by PracticeMax on May 10, 2021, but at that stage of the investigation, it was unclear whether the protected health information of its patients had been viewed or stolen in the attack.

On February 14, 2022, Fast Track Urgent Care said it was ‘first informed’ by PracticeMax that patient data may have been impacted, but PracticeMax could still not confirm whether customer and patient data had been accessed or stolen and that the investigation was ongoing. Fast Track Urgent Care said it took until June 6, 2022, 13 months after the initial breach, for PracticeMax to confirm that Fast Track Urgent Care patient data had been accessed.

Please see the HIPAA Journal Privacy Policy

Fast Track Urgent Care said the types of information compromised in the incident included names, Social Security numbers, passport numbers, treatment and diagnosis information, driver’s license numbers, birth dates, health insurance information, and financial information, and has confirmed that PracticeMax has offered affected individuals’ complimentary memberships to credit monitoring and identity theft protection services. Notification letters are being sent to affected individuals by PracticeMax on behalf of Fast Track Urgent Care.

Fast Track Urgent Care said PracticeMax took several steps to resolve the security incident and has reviewed policies and procedures and implemented additional safeguards to better secure the information on its systems.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.