Huntsville, Ala.-based Diatherix Labs has reported a data breach affecting more than 7,000 individuals.
Diatherix, a clinical laboratory testing service provider, issued a notification that a company they contract with for billing services, Diamond Computing Company, had a lapse in security allowing one of its computer servers to be made accessible through the Internet beginning Sept. 24, 2011. The unsecure server was first accessed Oct. 16, 2011, but documents containing protected health information were first viewed March 7, 2014, according to the notification letter. Diamond Computing Company terminated access to the server on July 10, 2014.
The server contained documents related to patient billing such as health insurance claim forms and billing-related letters, containing information including patient names, patient account numbers, address, test dates, insurance information and guarantor information. The notification also indicates some documents included Social Security numbers, birth dates, diagnosis codes and tests ordered for the patients. No laboratory test results, banking information or credit card information was included in the documents.
More articles on data breaches:
Central Utah Clinic hacked, 30k patient records exposed
10 largest provider data breaches due to hardware theft
Memorial Hermann Health System data breach compromises 10k patients' data