Integrated Health Solutions Notifies 20K Patients of EHR Breach

Easton, Pennsylvania-based healthcare provider Integrated Health Solutions P.C., has notified 19,776 of its patients that their protected health information may have been accessed by a hacker.

The sleep medicine specialists were informed of a security breach by EHR vendor Bizmatics on March 30, 2016. Bizmatics was unable to confirm whether Integrated Health Solutions patient data had been viewed or copied by the unauthorized individual who gained access to its servers, but the company was unable to rule out the possibility. Patients’ names, addresses, health information, and Social Security numbers were stored on the compromised server.

Bizmatics provides EHR/EMR software solutions to approximately 15,000 healthcare providers in the United States. The company has not disclosed exactly how many of its clients were affected by the breach, although a number of healthcare providers have now issued breach notifications to patients and have informed the Department of Health and Human Services’ Office for Civil Rights of the breach.

Florida-based Eye Associates of Pinellas appears to be the worst affected, having been informed that as many as 87,314 of its patients have potentially been affected. A number of other healthcare providers have had to inform thousands of their patients of the potential accessing of their PHI.

It is too early to tell exactly how many patients in total have been affected by the security breach, although the figure is certainly in the hundreds of thousands, making it one of the largest healthcare data breaches reported in 2016.

According to breach notices issued by other victims of the Bizmatics breach, access to the company’s servers was believed to have first occurred in early 2015, although neither Bizmatics, the computer forensics company contracted to investigate the breach, nor law enforcement have been able to determine exactly when access was first gained. Bizmatics discovered the breach in late 2015.

According to the breach notice issued by Integrated Health Solutions, the company is working with its vendor to ensure that the incident is addressed and has reassured patients that data security protections will be reviewed to reduce the probability of a recurrence of the breach.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.