Foreign Hacker Responsible for Siouxland Pain Clinic Data Breach

A foreign hacker has gained access to Siouxland Pain Clinic’s patient data , according to a statement released by the healthcare provider’s attorney. The hacker managed to infiltrate the healthcare provider’s computer network, potentially obtaining the Protected Health Information of approximately 13,000 of its patients.

The hacker is understood to have first gained access to the Iowa healthcare provider’s computer network on March 26, 2015, with access reportedly continuing until April 2. Siouxland Limited, which operates the Siouxland Pain Clinic, was notified of the security breach on June 26.

The statement was issued on Friday, 31 July, with further information released a few days later. It is not clear why access to the computer systems stopped on April 2, and how it then took over two months for the incident to be discovered.

The incident is still under investigation, with the healthcare provider having enlisted the help of a private cybersecurity firm to determine the extent of the incident, the data exposed, and whether any of that data has been copied.

The news of the breach came from the healthcare provider’s lawyer, Lonnie Braun, of Rapid City, S.D. Braun emailed local news outlet – The Sioux City Journal – announcing the data breach, stating “At this point, we have no evidence that any data has been misused.” He also said “A new IT provider has been hired and all reasonable practices and safeguards are being employed to safeguard patient information.”

He also said “So far no evidence of data theft has been uncovered, but Braun also that it was “highly likely” patient health information was accessed. The information exposed included “names, medical information, Social Security numbers and addresses.”

It has been four months since access to data first began. Current and former patients are therefore advised to obtain credit reports from each of the three credit bureaus as a precaution against fraud and identity theft. Explanation of Benefits statements should also be obtained from health insurers, and should be checked for suspicious entries.

A helpline – 877-322-6271 – has also been set up to provide patients with further information about the breach.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.