Orleans (Ind.) Medical Clinic is notifying patients that hackers accessed one of its computer servers containing EHR data after it was left unsecured after an upgrade.
The family practice clinic became aware of suspicious activity on the server in mid-April. An investigation indicated hackers gained access to the server from April 5 through April 17. The clinic received confirmation of individuals and information potentially affected by the breach on July 21.
According to Orleans Medical Clinic, the server contained medical records and demographic information. "This incident did not involve or affect the security of our patient portal in any manner, and at no point were we unable to access the information needed to provide high quality healthcare services to patients," according to the notice. "Upon learning of the incident, we immediately secured the server so that this type of attack could not occur again."
Orleans Medical Clinic said its investigation could not definitively conclude whether hackers accessed or obtained individual information, however "it would have been possible for the hackers to access and obtain patient information about all of our current and former patients," it said. According to HHS Office for Civil Rights breach notification portal, the incident affected 6,890 individuals.
More articles on data breaches:
Dignity Health hospital reports breach after 'excessive' patient data sent to health plan
Orlando Health employee went through personal information of Pulse survivors, hospital says
OCR to investigate more breaches affecting 500 or fewer individuals