25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

PHI of 45,262 Desert Pain Institute Patients Potentially Compromised in Cyberattack

Posted By on Nov 4, 2021

Baywood Medical Associates, doing business as Desert Pain Institute (DPI) in Mesa, AZ, has discovered unauthorized individuals gained access to parts of its computer network that contained the protected health information of patients.

The security breach was detected and stopped by DPI on September 13, 2021, and a third-party cybersecurity company was engaged to assist with the investigation and determine the nature and scope of the cyberattack. On October 15, 2021, the forensic investigators confirmed evidence was found indicating the attackers had accessed parts of its network where patients’ protected health information was stored.

A review of the files on systems accessible to the hackers releveled the following information may have been viewed or exfiltrated: Full names, addresses, dates of birth, Social Security numbers, tax identification numbers, driver’s license/state-issued identification card numbers, military identification numbers, financial account numbers, medical information, and health insurance policy number. The types of data potentially compromised varied from patient to patient.

From September 13 when the breach was detected until the date of issuing notifications, no evidence has been found to indicate any actual or attempted misuse of patient data; however, affected individuals have been advised to be vigilant against identity theft and fraud and to sign up for the complimentary credit monitoring services that are being provided.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

DPI said security measures for its systems and servers have been enhanced, which includes new end-point monitoring tools to identify unauthorized activity.

The incident has not yet appeared on the Department of Health and Human Services’ Office for Civil Rights breach portal, but the breach notification provided to the Maine attorney general indicates the protected health information of 45,262 individuals was potentially compromised.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist