Baylor Scott & White Medical Center – Frisco notifies 47,000 patients after third-party bill payment vendor was hacked.
Baylor Scott & White Medical Center – Frisco, a joint venture managed by United Surgical Partners International (USPI), announced today it has sent letters to approximately 47,000 patients or guarantors whose payment information, including partial credit card information, may have been subject to an inappropriate computer intrusion. Baylor Scott & White Medical Center – Frisco is a joint venture affiliated with Baylor Scott & White Health and USPI.
On September 29, 2018, the hospital discovered an issue with a third-party vendor’s credit card processing system. The hospital immediately notified the vendor and terminated credit card processing through them. An investigation determined the inappropriate computer intrusion occurred between September 22-29, 2018. There is no indication the information has been further disclosed or misused by any other unauthorized individuals or entities.
Baylor Scott & White and USPI take safeguarding information seriously. As a precaution, the hospital has arranged for TransUnion Interactive, a subsidiary of TransUnion, one of the three nationwide credit reporting companies, to provide patients or guarantors with one year of credit monitoring services, free of charge.
It is important to note that the hospital’s information and clinical systems were not affected, and medical information was not compromised. Social Security numbers and medical record information were not accessed. No other Baylor Scott & White facility was impacted.
Data that may have been accessed included name, mailing address, telephone number, date of birth, medical record number, date of service, insurance provider information, account number, last four digits of the credit card used for payment, the credit card CCV number, type of credit card, date of recurring payment, account balance, invoice number, and status of transaction.
Patients or guarantors in need of more information related to this incident may contact 1-833-836-9900 between the hours of 7:00 am and 6:00 pm CST Monday – Friday, excluding holidays.
Source: Baylor Scott & White
The incident was reported to HHS on November 26 as affecting 47,984 patients. As of December 10, the online payment system is still down. USPI has not responded to an inquiry from DataBreaches.net asking whether they were in the process of finding another vendor.