HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Hacker Gains Access to Records of 4,668 Princeton Pain Management Patients

Princeton Pain Management, a healthcare provider specializing in the management of chronic pain, has reported a hacking incident has impacted 4,668 of its patients.

The breach affects individuals who visited its medical centers in New Jersey, Pennsylvania, and New York for treatment.

It is not known for how long the hacker had access to Princeton Pain Management’s systems, although the breach was discovered on November 28, 2016. Upon discovery of the breach, a cybersecurity firm was retained to conduct a thorough forensic investigation to determine how access to its systems had been gained, the types of information that were potentially accessed, and which patients were impacted. An internal investigation into the breach was also launched.

The investigation revealed that a wide range of sensitive electronic protected health information (ePHI) had potentially been accessed, including names, telephone numbers, addresses, birth dates, Social Security numbers, driver’s license numbers, Medicare numbers, government identification numbers, diagnostic information, treatment information, and medical and health insurance identifiers.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

Princeton Pain Management responded to the breach by conducting a review of its security processes and systems. The security review identified a number of areas where protections could be improved. System security has now been enhanced to prevent similar data breaches from occurring in the future.

The incident has now been reported to the Department of Health and Human Services’ Office for Civil Rights and affected patients have been notified of the breach.

So far in 2017, seven healthcare hacking/IT incidents have been reported to OCR. Hacking/IT incidents account for 29% of all healthcare breaches reported so far this year.

The main cause of healthcare data security incidents in 2017 is unauthorized access/disclosure. 10 incidents have been reported: 42% of the year-to-date total.

The year may be young, but 24 incidents have already been reported to OCR in 2017. Those incidents have impacted 151,970 healthcare patients and health plan members.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.