CA: Silverberg Surgical and Medical Group notifies patients of PHI exposure
Silverberg Surgical and Medical Group in California is notifying patients after learning that for almost two years, patient health records were exposed on the Internet.
In an undated template notification letter submitted to the California Attorney General’s Office today, they write:
Based on our investigation, on September 10, 2013 a document scanning device inadvertently exposed some patient health records to the Internet. The records that were accessible included patient names, addresses, dates of birth and admission, telephone and fax numbers, e-mail addresses, medical information, medical record numbers, health plan data and beneficiary numbers, and, in some cases Social Security numbers, State License numbers and full face photographic images. No passwords, security codes or financial data like account or credit/debit card numbers were made accessible in connection with this incident.
On August 28, 2015, Silverberg Surgical and Medical Group was made aware of the breach and immediately took the document scanning device offline and secured its systems and scanners. We have undertaken an extensive investigation of the matter, including hiring a forensic specialist security firm to assist us in conducting a full investigation of the incident. We have taken steps to secure any data that was involved in this incident and we have notified the appropriate state and federal authorities, including the Federal Bureau of Investigation.
The number of patients whose records were exposed was not included in the letter. Nor was there any statement as to whether the patient data had been accessed and/or downloaded during the almost-two-year period.
Those being notified are being offered one year of credit monitoring with Kroll. Their services include “Credit Monitoring, Web Watcher, Public Persona, Quick Cash Scan, $1 Million Identity Theft Insurance, and Identity Theft Consultation and Restoration.”