Eye Associates of Pinellas is the latest victim of a HIPAA compliance violation. The practice reported a breach of its patient data at the hands of a third-party vendor. Eye Associates of Pinellas, located in Florida, recently issued a statement to its patients stating that the company experienced a data breach. Eye Associates of Pinellas was informed by Bizmatics, a third-party medical software vendor, that they had a data breach on March 30th, 2016. After further investigation, it was discovered that the breach actually took place in January of 2015 and went undiscovered for over a year.
The breach was said to have allowed unauthorized individuals to take patient file data, which included electronic protected health information (ePHI) such as Social Security numbers, addresses, phone numbers, names, dates of birth, and insurance information. Bizmatics was unable to identify exactly which files were breached, meaning Eye Associates of Pinellas has to assume all patient data has been compromised. This attack was one of many targeted at Bizmatics, which currently serves 15K+ healthcare clients. As of now there are no HIPAA violations or penalties. Whether Eye Associates of Pinellas committed a HIPAA compliance violation is unknown; however, we do know that the breach was not on their end. Following the data breach, Bizmatics has said they are notifying the FBI, hiring a cyber-security firm, and hardening their firewall. Eye Associates of Pinellas is now offering its patients a year of free identity theft protection as a result of the data breach. The problem is that the patient data was breached well before it was noticed, meaning some of the patients could already have had their identities stolen or their personal information sold to cyber-criminals.
These attacks are very advanced and most likely planned out. Bizmatics has a pretty tight security platform, so breaching its network and stealing data is no easy task. The significance of this is that if hackers and cyber-criminals can breach a highly secure, well-established medical software management company, then breaching a small to medium-sized medical practice would be a walk in the park. As cyber-crime continues to grow, it is crucial that you ensure your practice is both HIPAA compliant and as secure as possible. One of the most effective ways of doing this is to have a Security Risk Analysis done. At EHR 2.0 we offer a DIY toolkit and a consulting option for both Security Risk Analysis and HIPAA/HITECH Assurance Assessment, for practices ranging from solo to large.
At EHR 2.0 we help healthcare organizations and business associates develop and implement practices to secure patient data and comply with HIPAA/HITECH regulations and Meaningful Use EHR incentive programs. Contact us at 866-276-8309 or firstname.lastname@example.org for more information.