HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Patient Treatment Centers of America Notifies Patients of Hacking Incident

Patient Treatment Centers of America (PTCOA) and Interventional Surgery Institute (ISI) are notifying patients of a security breach suffered by third-party vendor Bizmatics.

Bizmatics operates PrognoCIS, an electronic health record and practice management tool used by a large number of healthcare organizations, including PTCOA. PTCOA uses PrognoCIS to store and organize patient medical files.

Earlier this year PTCOA/ISI were notified by Bizmatics of a cyberattack that resulted in hackers gaining access to the company’s data servers. Data stored by PrognoCIS EHR software were potentially compromised in the attack.

The information potentially accessed includes patients’ medical records (visit information, diagnoses, treatment data etc.), personal information such as names and addresses, health insurance information, Driver’s License numbers, other ID numbers, and in some cases, Social Security numbers.

According to the breach notice submitted to the Department of Health and Human Services’ Office for Civil Rights, 19,397 PTCOA patients have been affected by the Bizmatics cyberattack.

Bizmatics did not discover the security breach until late last year. An investigation was launched into the cyberattack in 2015, which has taken some time to complete. A computer forensics firm was enlisted to assist Bizmatics with the investigation and determine how and when access to the servers was gained and which companies’ data were exposed.

According to a statement released by Bizmatics, all data have now been secured and no further access is possible. Bizmatics and the computer forensics firm were unable to determine when access to the data servers first occurred, although the initial cyberattack is believed to have taken place in early 2015. Bizmatics notified PTCOA of the data breach earlier this year.

All PTCOA/ISI patients affected by the breach have been notified and offered credit monitoring and identity theft recovery services with Experian for a period of one year without charge.

It is not clear exactly how many of Bizmatics’ customers have been affected by the cyberattack, although earlier this year Complete Family Foot Care of Nebraska notified 5,883 patients that their PHI had been exposed as a result of a cyberattack at Bizmatics. Around the same time, Illinois Valley Podiatry Group also announced that 26,588 of its patients had had their PHI compromised as a result of a hacking incident, although it is not clear if the latter incident involved Bizmatics.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.