Share this article on:
Princeton Pain Management, a healthcare provider specializing in the management of chronic pain, has reported a hacking incident has impacted 4,668 of its patients.
The breach affects individuals who visited its medical centers in New Jersey, Pennsylvania, and New York for treatment.
It is not known for how long the hacker had access to Princeton Pain Management’s systems, although the breach was discovered on November 28, 2016. Upon discovery of the breach, a cybersecurity firm was retained to conduct a thorough forensic investigation to determine how access to its systems had been gained, the types of information that were potentially accessed, and which patients were impacted. An internal investigation into the breach was also launched.
The investigation revealed that a wide range of sensitive electronic protected health information (ePHI) had potentially been accessed, including names, telephone numbers, addresses, birth dates, Social Security numbers, driver’s license numbers, Medicare numbers, government identification numbers, diagnostic information, treatment information, and medical and health insurance identifiers.
Princeton Pain Management responded to the breach by conducting a review of its security processes and systems. The security review identified a number of areas where protections could be improved. System security has now been enhanced to prevent similar data breaches from occurring in the future.
The incident has now been reported to the Department of Health and Human Services’ Office for Civil Rights and affected patients have been notified of the breach.
So far in 2017, seven healthcare hacking/IT incidents have been reported to OCR. Hacking/IT incidents account for 29% of all healthcare breaches reported so far this year.
The main cause of healthcare data security incidents in 2017 is unauthorized access/disclosure. 10 incidents have been reported: 42% of the year-to-date total.
The year may be young, but 24 incidents have already been reported to OCR in 2017. Those incidents have impacted 151,970 healthcare patients and health plan members.