Data breach affecting more than 50,000 reported by Medical Colleagues of Texas
The Houston Chronicle reports:
Hackers breached the computer network of a doctors’ group in Katy, potentially accessing upward of 50,000 medical records and personnel files, a lawyer for the practice said Wednesday.
“It’s a large number of records,” said Dallas attorney Lindsay Nickle, who represents the group, Medical Colleagues of Texas.
Computer forensics experts were called in after an office employee at the family practice and obstetrics group noticed unusual activity on March 8 and it was determined the system had been hacked, Medical Colleagues of Texas said. The breached information could include names, addresses, health insurance information and Social Security numbers.
Read more on Houston Chronicle.
The incident isn’t up on HHS’s public breach tool as of the time of this posting. Nor do I see any notice on the practice’s web site.
UPDATE: It was reported to HHS as impacting 68,631. A “data breech” (sic) notice posted to their site reads:
On March 8, 2016, Medical Colleagues of Texas, LLP noticed unusual activity on our computer network. In response to that discovery, we began an investigation and hired an independent computer forensic expert to review and analyze our computer network to confirm it was secure. As a result of that investigation, we discovered that hackers had gained access to our computer network. The investigation indicates that unauthorized individuals may have accessed patient medical records and employee personnel files stored on our network. The information that may have been accessed includes names, addresses, social security numbers, and health insurance information. Law enforcement has been informed about the incident and is cooperating with any ongoing investigation by law enforcement regarding this incident.
A letter has been mailed to potentially impacted individuals explaining the event and providing a toll-free phone number to assist those who have questions.
Medical Colleagues of Texas takes the privacy and security of protected information very seriously, and although we are not aware of the misuse of any information, we are offering credit monitoring services through Equifax at no cost for one year for potentially impacted individuals.
In addition, since this event was discovered, we have taken steps to prevent this type of event from happening again, including updating our computer network, strengthening our firewalls, and implementing two factor authorization measures for remote access. We are also providing additional training and strengthening our policies and procedures in regards to the protection of sensitive personal information.
We sincerely regret any inconvenience or concern this matter may cause and remain dedicated to protecting patients’ information. Individuals who may have been affected by this incident can call 844-812-9299, 8 am to 8 pm Central Time, Monday-Friday with any questions or concerns.