HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Wisconsin Dermatology Practice Reports Data Breach Affecting 2.41 Million Individuals

Manitowoc, WI-based Forefront Management, LLC and Forefront Dermatology, S.C. discovered on June 4, 2021 that unauthorized individuals had gained access to its network and potentially viewed private and confidential employee and patient information.

The affected systems were immediately taken offline to prevent further unauthorized access and an investigation was launched to determine the nature and scope of the attack. On June 24, 2021, Forefront determined that certain files stored on its network had been accessed and potentially obtained which contained the personal information of a limited number of Forefront employees, including their names and Social Security numbers. The investigation revealed its network was first breached on May 28, 2021 and access remained possible until June 4, 2021.

During the course of the investigation, Forefront determined the unauthorized individual also accessed files that included the personal and protected health information of a limited number of current and former Forefront patients.

Patient information potentially compromised in the attack included names, addresses, dates of birth, patient account numbers, health insurance member ID numbers, medical record numbers, dates of service, provider names, and/or medical and clinical treatment information.

Get The Checklist

Free and Immediate Download
of HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

The breach report submitted to the Maine state attorney general indicates 4,431 individuals were affected by the breach, but in a website notice, Forefront Dermatology said, “While the investigation found evidence that only a small number of patients’ information was specifically involved, Forefront Dermatology could not rule out the possibility that files containing other patients’ information may have been subject to unauthorized access.” The breach report submitted to the HHS’ Office for Civil Rights indicates up to 2,413,553 individuals were potentially affected.

While there is no indication that any information in the files has been misused, Forefront is offering affected individuals a complimentary 12-month membership to TransUnion’s myTrueIdentity Credit Monitoring Service. Forefront said it is enhancing its security protocols to help prevent a similar incident from occurring in the future.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.