A breach at Credit Control Corp., a Virginia-based credit reporting agency, may affect several hospitals, health systems and healthcare practices in the state.
On March 7, Credit Control noticed suspicious activity on its system and launched an investigation into the incident.
On May 14, the company learned that files were copied from its network between March 2 and March 7. The files contained names, addresses, Social Security numbers and information relating to the individuals' accounts, according to a May 13 breach notification from Credit Control.
Its hospital and health system business partners that could be affected by the breach include Richmond, Va.-based VCU Health System; Chesapeake (Va.) Regional Medical Center; Fredericksburg, Va.-based Mary Washington Healthcare; Norfolk, Va.-based Sentara Health System; Newport News, Va.-based Riverside Health System; Charlottesville, Va.-based UVA Health System, Valley Health System; and Norfolk, Va.-based Children's Hospital of the King's Daughters Health System as well as its affiliates.
On May 4, Credit Control said it began notifying its business partners, but did not mention how many individuals might be affected by the breach.