The trend of nebulous third party vendor security impacting providers continues with a breach notification from Pain Treatment Centers of America and the Interventional Surgery Institute.
A hacker who attacked servers at Bizmatics, the owner and operator of an EHR and practice management tool, also gained access to patients' records from PTCOA and ISI, which utilizes the tools.
"[T]he information that was potentially compromised is the medical record we maintain on you as a patient, such as health visit information, name, address, health insurance information, driver's license number or other ID and, in some cases, a Social Security number. No credit card or financial information is stored in your patient file," the notification letter reads.
The letter doesn't give any concrete information about when PTCOA was alerted of the breach, saying only that Bizmatics informed the organization earlier in 2016.
PTCOA is offering credit monitoring and identity theft recovery services to those affected by the breach, although Bizmatics has not confirmed that any PTCOA patients' data were in fact accessed or acquired by hackers.