Southeast Eye Institute, which does business as Eye Associates of Pinellas, is notifying patients their protected health information may be compromised after a third-party vendor suffered a data breach.
The provider, based in Pinellas Park, Fla., said off-site vendor Bizmatics notified Southeast Eye Institute of the breach March 30, saying "at least some" information in patient files was accessed by unauthorized individuals.
According to Southeast Eye Institute's notification letter, Bizmatics is unable to identify which patient files were accessed. Bizmatics reportedly told Southeast Eye Institute that it keeps sensitive information in separate files in efforts to enhance security: For example, names are kept separately from addresses, according to the letter.
However, potentially compromised information includes names, addresses, phone numbers, Social Security numbers, birth dates and insurance information. Bizmatics did not store any medical information or credit card information, according to the notification letter.
According to HHS' Office for Civil Rights breach notification portal, the breach affects more than 87,000 individuals.
Bizmatics said the breach appears to have occurred in January 2015. The vendor has notified the FBI and is working to strengthen its cybersecurity defenses, according to the notification letter. Southeast Eye Institute is no longer using Bizmatics' practice management software.
More articles on data breaches:
Managing insider cybersecurity risk: 5 key findings
Unhealthy rise in healthcare privacy breaches: 5 tips to stay ahead of patient privacy threats
Vendor misconfiguration breaches Children's National Health System patient data