Yuba City, Calif.-based Sutter Buttes Imaging Medical Group is notifying patients that their protected health information may have been accessed by unauthorized individuals who hacked into its vendor's IT infrastructure in 2019.
The imaging group learned of the incident in December and launched an investigation, which found that its medical records vendor's IT infrastructure had security vulnerabilities that allowed unauthorized individuals to access the patient information between July 2019 and December 2020.
Patient information accessed included names, dates of births, study dates and types of imaging procedures performed, according to a Feb. 15 news release.
Sutter Buttes said it closed certain firewall ports to prevent future unauthorized access and began working with third-party IT consultants to increase its security controls.