Ankle + Foot Center of Tampa Bay security breach affects 156,000 patients? (updated)
A recent update to HHS’s breach tool indicates that the Ankle + Foot Center of Tampa Bay, Inc. in Florida reported a breach involving the PHI of 156,000 patients.
The incident reportedly occurred on or about November 10 and was coded by HHS as “Hacking/IT Incident” involving the provider’s network server.
So far I haven’t found any notice on their web site nor substitute notice in any of the media sources I check through Google (although it’s possible, of course, that they have provided substitute notice in a local paper that isn’t indexed by Google).
If anyone has additional details, please use the Comment sections to share them.
Update of Feb 3: A copy of their notification letter to patients dated January 7th was subsequently uploaded to their web site. It reads, in part:
I write on behalf of Ankle + Foot Center of Tampa Bay, P.A. (the “Company”) to advise you that the Company recently became aware of a breach of the security of protected health information. On or about November 10, 2010, the Company learned that outside third party attempts had been made against the Practice Management System that stores your personal patient data, including your health information.
The information accessed by this unauthorized third party included information such as patient names, social security numbers, date of birth, home addressees, account numbers, and healthcare services and related diagnostic code(s) (“Personal Information”). The Company is conducting an internal investigation of the circumstances surrounding the unauthorized third party’s actions and appropriate authorities have been notified.
And in a “personal statement” also posted to their site, they write:
I understand your concern, Ankle and Foot center has no evidence that any of their patients lives have been adversely affected, nor do we have any evidence to date that their data has been compromised. This is strictly a preventative measure on the part of Ankle and Foot Centers to notify all of their patients that there may have been a breach and to closely monitor their own personal records for any unauthorized changes. Ankle and Foot Centers has elected to voluntarily notify the proper authorities at the Health and Human Services and is working closely with the FBI to ensure that our patients data still is, and always will remain confidential. If you have any further questions please call our 877 number or visit our website. This is an ongoing investigation and this is what we know