PHI of 45,262 Desert Pain Institute Patients Potentially Compromised in Cyberattack
Baywood Medical Associates, doing business as Desert Pain Institute (DPI) in Mesa, AZ, has discovered unauthorized individuals gained access to parts of its computer network that contained the protected health information of patients.
The security breach was detected and stopped by DPI on September 13, 2021, and a third-party cybersecurity company was engaged to assist with the investigation and determine the nature and scope of the cyberattack. On October 15, 2021, the forensic investigators confirmed evidence was found indicating the attackers had accessed parts of its network where patients’ protected health information was stored.
A review of the files on systems accessible to the hackers releveled the following information may have been viewed or exfiltrated: Full names, addresses, dates of birth, Social Security numbers, tax identification numbers, driver’s license/state-issued identification card numbers, military identification numbers, financial account numbers, medical information, and health insurance policy number. The types of data potentially compromised varied from patient to patient.
From September 13 when the breach was detected until the date of issuing notifications, no evidence has been found to indicate any actual or attempted misuse of patient data; however, affected individuals have been advised to be vigilant against identity theft and fraud and to sign up for the complimentary credit monitoring services that are being provided.
Get The Checklist
Free and Immediate Download
of HIPAA Compliance Checklist
Delivered via email so verify your email address is correct.
Your Privacy Respected
DPI said security measures for its systems and servers have been enhanced, which includes new end-point monitoring tools to identify unauthorized activity.
The incident has not yet appeared on the Department of Health and Human Services’ Office for Civil Rights breach portal, but the breach notification provided to the Maine attorney general indicates the protected health information of 45,262 individuals was potentially compromised.