Connexin Software notifies parents of 2.2 million pediatric patients of hack

Connexin Software, a business associate to numerous pediatric practices, recently notified HHS that it experienced a breach that affected 2,216,365 patients.

One thing DataBreaches noted with interest in their substitute notice below is their statement that an unauthorized individual was able to access an offline set of patient data used for data conversion and troubleshooting.  If the data set was offline, how did the attacker gain access to it?  Nor does the notice indicate whether Connexin ever received any ransom demand.

The following is their statement and list of covered entities for whom they are providing notice to patients. Some of Connexin’s clients may have decided to do provide their own notifications, so the 2.2 million number may not be not the grand total for those affected:

Connexin Software, Inc. (Connexin), a provider of electronic medical records and practice management software, billing services, and business analytic tools to pediatric physician practice groups, is providing notice that an unauthorized third party was able to gain access to an internal computer network.   The live electronic medical record was not accessed and the incident did not affect any pediatric practice groups’ systems, databases, or medical records system at all.

On August 26, 2022, Connexin detected a data anomaly on our internal network.  We immediately launched an investigation and engaged third-party forensic experts to determine the nature and scope of the incident.  On September 13, 2022, we learned that an unauthorized party was able to access an offline set of patient data used for data conversion and troubleshooting.  Some of that data was removed by the unauthorized party.  The live electronic record system was not accessed in this incident, and the incident did not involve any physician practice group’s systems, databases, or medical records system at all.  Connexin is not aware of any actual or attempted misuse of personal information as a result of this event.

The patient information may have included: (1) patient demographic information (such as patient name, guarantor name, parent/guardian name, address, email address, and date of birth); (2) Social Security Numbers (“SSNs”), (3) health insurance information (payer name, payer contract dates, policy information including type and deductible amount and subscriber number); (4) medical and/or treatment information (dates of service, location, services requested or procedures performed, diagnosis, prescription information, physician names, and Medical Record Numbers); and (5) billing and/or claims information (invoices, submitted claims and appeals, and patient account identifiers used by your provider). Please note that not all data fields may have been involved for all individuals.  Information of a parent, guardian, or guarantor may also have been impacted by the incident.

Data security is very important to us.  As soon as we discovered the incident, we immediately took action to stop the unauthorized activity.  This included a password reset of all corporate accounts and moving all patient data used for data conversion and troubleshooting into an environment with even greater security. Connexin also retained a third-party cybersecurity forensic firm to investigate the issue and is working with law enforcement to investigate the incident.  In response to this incident, Connexin has enhanced its security and monitoring as well as further hardened its systems as appropriate to minimize the risk of any similar incident in the future.

The enclosed Reference Guide includes additional information on general steps you can take to monitor and protect your child’s personal information.  We encourage you to carefully review credit reports and statements sent from providers as well as your insurance company to ensure that all account activity is valid; any questionable charges should be promptly reported to the provider’s billing office, or for insurance statements, to your insurance company.

If your child’s SSN was impacted, Connexin has arranged to offer your child identity monitoring services for a period of one year, at no cost to you, through Kroll (our third party vendor).  You have 6 months from the date of your notice letter to activate these services, and instructions on how to activate these services are included in your notice letter.

Individuals who may have been impacted by this event are being mailed notices. Since it is possible there may be insufficient or out-of-date contact information for some individuals whose information was impacted, this notice is also accessible via Connexin’s website at and the affected physician practice groups’ websites, consistent with HIPAA.

If you have any questions about this matter or would like additional information, please refer to the enclosed Reference Guide, or call toll-free 855-532-0912.  This call center is open from 8:00am – 5:30pm CT, Monday through Friday, excluding some U.S. holidays.

We sincerely regret and apologize that this incident occurred.  Connexin takes the security of personal information seriously, and we will continue to work diligently to protect the information entrusted to us.

This notice is being provided on behalf of the following physician practices/practice groups:

ABC Pediatrics Practice, PC

Academy Pediatrics, PA

Advanced Care Pediatric Centre, PLLC

Alice Tanner, M.D., PC

All Star Pediatrics, LLC

Angel Kids Pediatrics

Arlington Pediatric Partners, PLLC d/b/a Kids Docs Pediatrics

Ascension Medical Group f/k/a Pediatric Associates, PA

August Pediatrics, PA

Austex Pediatrics, PA

Bristow Pediatrics, PLLC

Cecilia A Nwankwo, M.D. FAAP, PC

Carolina Pediatrics and Adolescent Care, PA

Casey Thomas Mulcihy Austin Texas, PA

Central Coast Pediatrics, Inc.

Children’s Clinic, Ltd.

Children’s Health Center of Columbus, Inc.

Children’s Health of Ocala, PA

Children’s Mercy – Pediatric Partners, Inc.

Children’s Mercy – Shawnee Mission Pediatrics

Children’s Pediatric Center Northside, LLC

Community Pediatrics, SC

Cordova Pediatrics, PLLC

Crockett Kids Pediatrics, PC

Discovery Pediatrics, Inc.

Dr. Michael J Ulich Pediatrics, LLC

Drexel Hill Pediatric Associates, PC

Eastern Carolina Pediatrics, PA

Eastern Shore Children’s Clinic, PC

Ekta Khurana, M.D., PLLC

Emily B. Vigour, M.D., LLC d/b/a Vigour Pediatrics

Ennis Pediatric and Adolescent Health Care, PA

Forest Hill Pediatrics, LLC MD

Fox Pediatrics, PLLC

Fraser-Branche Medical, PLLC

Gaurang Patel, M.D., LLC

Gold Pediatrics, PA

Goldsboro Pediatrics, PA

Goodlettsville Pediatrics, PC

Graham Pediatrics of Woodstock, LLC

Great Bend Children’s Clinic, PA

Harbor Pediatrics, PS

Hatboro Pediatrics, PC

Hawthorne Pediatrics, LLC

Hebron Pediatrics, LLC

Heights Pediatrics, PC

Helena Pediatric Clinic, PC

Holmdel Pediatrics, LLC

Honeygo Pediatrics, LLC

Jackson Pediatric Associates, PA

Jaleh Niazi, M.D., PC d/b/a New Day Pediatrics

James A. Weidman, AMC

Jose F. Alvarado & Associates, PA

Kate Bowers, M.D., PLLC d/b/a Firefly Pediatrics

Kerrville Pediatrics, PLLC

Kids First Pediatric Care, PA

Kids Kare Pediatrics, PLLC

Kids World Pediatrics, LLC


Kidswood Pediatrics, Inc.

Kidzcare Pediatrics, PC

KION Pediatrics, PLLC

Kressly Pediatrics, PC

Lilac City Pediatrics, PA

Madison Pediatric Associates, PC

Maria Luisa Lira, M.D., PA

Mariano D. Cibran, M.D., Inc. d/b/a St. Petersburg Pediatrics

Maryland Pediatric Care, LLC

Maryvale Pediatric Specialists, LLC

Mayura Madani, M.D., PLLC

McComb Children’s Clinic, Ltd.

Northeast Pediatric Night Clinic, Inc.

Oregon City Pediatrics

Orland Children’s Center, Inc.

Passaic Pediatrics II, PA

Pediatric Associates, PSC

Pediatric Associates of Lawrenceville, LLC

Pediatric Care Center No. 2, Inc.

Pediatric Center for Wellness, PC

Pediatric Health Center of El Paso

Pediatric Healthcare Associates of McKinney

Pediatric Medicine of Cartersville, PC

Pediatric MultiCare West, LLC

Pediatric Physicians of Reston, PC

Pediatrics East, PC

Peds First Pediatrics

Pensacola Pediatrics PA

Petoskey Pediatrics PC

Phillips Pediatrics, PC

Premiere Pediatrics, PLLC

QC Kidz Pediatrics, PLLC

Rachel Z. Chatters, M.D., Inc

Raleigh Group, PC

Rankin Children’s Group, PLLC

Raza Ali, MD, PC

Reading Pediatrics, Inc.

Renaissance Pediatrics, P.C.

Ruth Agwuna, M.D.

Samuel R Williams, M.D., PA

San Marino Pediatric Associates

SchoolCare, Inc. f/k/a CareDox, Inc.

SCS LLC d/b/a Bayshore Pediatrics

Sistema Infantil Teleton USA, Inc. a/k/a CRITS

South River Pediatrics, LLC

Springfield Medical, LLC

Sumter Pediatrics, LLC

Texoma Pediatrics, PLLC

The Pediatric & Adolescent Clinic, Inc.

The Pediatric Center of Frederick, LLC

Thomasville-Archedale Pediatrics, PLLC

Thompson River Pediatrics and Urgent Care, LLC

Valley Children’s Medical Group

Virginia Pediatric Group, Ltd.

Watch Us Grow Pediatrics, PC

We Care Pediatrics, PC

Wee Tots Pediatrics, PA

Westview Pediatric Care, LLC

Winsted Pediatrics

Yazji Pediatrics

Zero Pediatrics, PLLC

About the author: Dissent

Comments are closed.