Siouxland Pain Clinic says patient information likely exposed by hacker
Mike Bell reports:
Patient privacy likely was breached when Siouxland Pain Clinic‘s computer system was hacked, the clinic’s attorney said in a news release Friday afternoon.
The release said it’s “highly likely” patients’ health and other personal information was exposed when a “foreign hacker” accessed the clinic’s server between March 26 and April 2.
“At this point, we have no evidence that any data has been misused,” said the statement, which was emailed to the Journal from Lonnie Braun, a personal injury attorney in Rapid City, S.D.
The statement said the clinic was notified of the security breach June 26. It did not say how many patients may be affected or whether the clinic has notified them.
There is no notice up on the clinic’s web site at this time, and so far, I can find nothing online like a press release or substitute notice.
So what kinds of patient information were involved? It appears that the clinic is not offering any free credit monitoring services. Was any identity information on the server? Even though they say “we have no evidence” of misuse, we all know that this is not conclusive proof of no misuse so far or in the future.
And not only do we not know how many patients are being notified, but it’s not clear how the clinic first learned of the breach. Who notified them on June 26, and how did that person discover the breach? Did law enforcement notify the clinic?