During an attempt to divert funds owed to Telecare Corp. from payors into fraudulent bank accounts, cybercriminals may have exposed patient information, according to a notice posted on the company's website Oct. 4.
Telecare discovered in August that hackers were trying to divert payments to fraudulent accounts. Upon investigation, the company learned the unauthorized third parties had gained access to a limited amount of patient demographic and clinical information.
According to HHS' Office for Civil Rights, Telecare has notified 823 patients of the security incident.
Along with patient data being exposed, an employee's email account was also compromised. Telecare immediately took action to secure the account. Since the incident, Telecare has implemented additional technical and non-technical safeguards. Patients are also being offered one year of free credit monitoring.