Livonia, Mich.-based Mendelson Kornblum Orthopedic and Spine Specialists recently began notifying nearly 30,000 patients that their protected health information may have been exposed for an "unknown" amount of time because of a cyberattack.
The medical practice reported the incident to HHS on March 5 as affecting 28,658 people. In a statement posted on its website, Mendelson Kornblum said it discovered the breach Jan. 5 and that one of its computer servers "was and had been for an unknown period of time vulnerable to viewing by unauthorized third parties."
The patient information exposed included names, medical record numbers, birth dates, sex, and certain data regarding medical images. The exposed information did not include any medical images, Social Security numbers of financial data, according to the breach notice.
Mendelson Kornblum said it launched an investigation into the incident and identified and closed the vulnerability on the computer server to prevent additional exposure.