Physicians Business Office (PBO) based in Parkersburg, WV, a company providing medical practice management and administrative services, lately reported a security incident that happened in April 2022. PBO discovered strange activity in its system and took action right away to separate the impacted systems and stop continuing unauthorized access. An independent computer forensics firm helped to identify the nature and extent of the breach and to respond to the incident.
The forensic investigation affirmed that the files stored in the breached systems contained the protected health information (PHI) of a number of people, such as names, house addresses, birth dates, driver’s license numbers, Social Security numbers, health treatment, and diagnosis data, disability codes, prescription details, and medical insurance account details. Those files were possibly viewed and might have been copied from its network.
PBO stated that it finished analyzing the files on its system on June 30, 2022, and it informed the impacted healthcare company clients about the data breach on July 26, 2022. Permission was then acquired to distribute notification letters for the impacted healthcare provider clients, and work started on getting updated contact details for the affected people. That procedure was finished on September 16, 2022. Shortly thereafter, notification letters were delivered. Impacted persons were provided free credit and identity monitoring services. PBO mentioned it has already executed extra security procedures to lessen the threat of future breaches.
The data breach report was submitted to the HHS’ Office for Civil Rights indicating that about 196,573 persons were affected.
Data Breach Impacts Over 58,500 Patients of Reelfoot Family Walk-In Clinic
Dyersburg Family Walk-In Clinic, dba Reelfoot Family Walk-In Clinic located in Dyersburg, TN, lately informed 58,562 patients about the unauthorized individuals who obtained some of their PHI after gaining access to its computer network.
The clinic detected suspicious activity in its computer network on July 24, 2022, and took quick action to inspect and mitigate the incident. Independent forensics experts investigated the security breach and affirmed that the hackers got access to its network from July 10, 2022 to August 14, 2022. During that unauthorized access, some files were extracted from its network.
The analysis of all files possibly accessed was done on September 16, 2022. Reelfoot stated the data that had been accessed by the unauthorized persons contained names, driver’s license numbers, Social Security numbers, full home addresses, birth dates, diagnoses, disability codes, laboratory results, prescription drugs, medical records, other treatment data, financial account details, claims data, other billings data, patient IDs and other identifiers.
Reelfoot mentioned it is taking steps to improve the security of its network and will be giving extra security awareness training to its employees. Impacted persons were provided free credit monitoring services for one year.