Inmediata Health Group notifies covered entities’ patients after exposure of PHI on web
From their press release:
Inmediata Health Group, Corp. (“Inmediata”) recently became aware of a data security incident that may have involved the limited personal and medical information of some of its customers’ patients. Inmediata is directly mailing notification letters to individuals who may have been affected by this incident and to provide resources to assist them.
In January 2019, Inmediata became aware that some electronic health information was viewable online due to a webpage setting that permitted search engines to index internal webpages that Inmediata uses for business operations. Immediately after Inmediata became aware of the incident, the company deactivated the website and engaged an independent computer forensics firm to assist with an investigation. Based on the current findings of the ongoing investigation, Inmediata has no evidence that any files were copied or saved. In addition, Inmediata has yet to discover any evidence to suggest that any information potentially involved in this incident has been subject to actual or attempted misuse.
The information potentially involved in this incident may include patients’ names, addresses, dates of birth, gender, and medical claim information. A very small group of the potentially impacted people may have Social Security numbers involved as well. The letters mailed to the affected individuals specifically state what data of theirs may have been impacted.
Although Inmediata is unaware of the misuse of any involved information, out of an abundance of caution, Inmediata began mailing notification letters to the potentially affected individuals directly on April 22, 2019. The notification letters also include information about the incident and steps potentially affected individuals can take to monitor and protect their personal information. Inmediata has a toll-free call center established to answer questions about the incident and related concerns. The call center is available Monday through Friday from 9:00 a.m. to 6:30 p.m. Eastern Time and can be reached at (833) 389-2392. Further information for all patients can be found at the Inmediata website at https://www.inmediata.com.
Founded in 2002 as a health care value-added intermediary providing clearinghouse services, today Inmediata provides a full suite of software and business process outsourcing solutions for health plans, hospitals, IPAs, and independent physicians. Inmediata leverages its claim adjudication, clearinghouse, practice management, electronic health record and health information exchange services to support administrative simplification and population health. For more details, visit https://www.inmediata.com.
Update: The comments below this post suggest a major screw-up in Inmediata’s incident response as far as the mailed notifications go. I do not know know if they used a third-party vendor to handle the mailing, but what I’m reading in comments is very disturbing, to say the least!