Touchstone Medical Imaging reveals data breach

Dave Lewis reports:

Touchstone Medical Imaging is a company that is based in Brentwood Tennessee. This is a medical firm that provides services such as MRI, CT scans, Ultrasound and Mammography. Today they announced that they suffered a data breach as the result of an open share that was exposed to the Internet.

This shared folder contained billing information of patients including Social Security numbers, names, addresses, date of birth, and phone numbers. They state that no medical information records were stored in this folder however, they make no mention of possible financial information being stored. It is a fair question as they indicated that the information was billing related.

Read more on CSO.

Touchstone Medical Imaging posted a notice on their web site, linked from their home page:


Touchstone Medical Imaging, LLC is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice is regarding an incident involving some of that information.

On May 9, 2014, we became aware that a seldom-used folder containing patient billing information relating to dates prior to August 2012 had inadvertently been left accessible via the internet. Upon learning this, we immediately secured the folder and removed it from public view. We also began an internal investigation which initially led us to believe that the patient information in the folder was not readable. However, on September 5, 2014, we obtained new information that suggested that the patient information may have been readable and included patients’ names, dates of birth, addresses, telephone numbers, health insurer names, radiology procedures, diagnoses and in some instances, Social Security numbers. Medical records were not included.

This incident did not affect all Touchstone patients, but only certain patients who had radiology procedures prior to August 2012.

We have no knowledge and there is no indication that any patient information has been used improperly. However, in an abundance of caution, we began sending letters to affected patients on October 3, 2014, and have established a dedicated call center to answer questions you may have. If you believe you are affected but do not receive a letter by October 24, 2014, please call 1- 877-919-9183, Monday through Friday, from 8:00 AM to 8:00 PM Central Time.

We deeply regret any inconvenience this may cause our patients. To help prevent this from happening again, we are reinforcing the education of our employees and the monitoring of our systems regarding the protection of our patients’ information and continually reviewing and enhancing our policies and procedures.

About the author: Dissent

Comments are closed.