DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Illinois Valley Podiatry Group warned 26,588 patients after contractor hacked (Update1)

Posted on March 23, 2016 by Dissent

So I had missed this item from the Journal Star on March 8th:

The Illinois Valley Podiatry Group, 3322 W. Willow Knolls Drive, has announced that it has became aware of unauthorized access to its computer records, believed to have taken place last year.

The names, addresses and Social Security numbers of patients may have been viewed, according to the medical office.

Law enforcement has been consulted with a cyber forensics firm assisting to make sure the intrusion is contained, the medical group noted.

While unsure what information has been accessed, Illinois Valley recommends that patients remain vigilant for incidents of fraud and identity theft.

[…]

I have yet to find any press release or substitute notice from the practice, but will update this if I find more. Of note, this incident was reported to HHS on March 8 as affecting 26,588 patients.

Not coincidentally, on March 8, Complete Family Foot Care in Nebraska also reported a hacking/IT incident involving EMR. Their incident was reported as affecting 5,883 patients.

Both reports appear to be linked to a common vendor, Bizmatics, Inc.  Complete Family Foot Care’s notice explains:

Like many healthcare providers, our office employs the services of an independent contractor for the management and storage of electronic patient health records. We do so, in part, because doing so generally provides greater security for the information contained in those records. That information may include patient names, addresses, social security numbers, health insurance numbers, diagnoses, and treatments, but does not include credit card numbers or financial and payment information.  Unfortunately, the independent contractor we employ, Bizmatics, Inc., was recently the victim of an unauthorized access to the servers containing those electronic health records. We believe that that unauthorized access occurred sometime in 2015. We were notified regarding the incident by letter in the first week of January, 2016.

Following that unauthorized access, Bizmatics immediately began working with law enforcement and data security experts to secure their servers and the information contained on them.

Because neither incident appears on HHS’s public breach tool as involving a business associate, the public tool entry might seem a bit misleading.

There does not appear to have been any public statement by Bizmatics so it is not known how many other of its clients were also impacted. DataBreaches.net has requested a statement from the firm and will provide updates as more information becomes available.

Update: NTV reports that employees at CHI Good Samaritan Hospital in Kearney, Nebraska have had their personal information stolen due to a third party vendor attack. This may also be Bizmatic, and DataBreaches.net has left a voicemail with the hospital asking them if they can confirm that. (Update: This was not a Bizmatics-related incident. It involved employee data.)

Category: Health DataSubcontractorU.S.

Post navigation

← IE: Patient documents must have ‘blown out of’ doctor’s hand
Chinese National Pleads Guilty to Conspiring to Hack into U.S. Defense Contractors’ Systems to Steal Sensitive Military Information →

2 thoughts on “Illinois Valley Podiatry Group warned 26,588 patients after contractor hacked (Update1)”

  1. Regret says:
    March 23, 2016 at 1:38 pm

    Just spent a few minutes googling info on this. Came across this which ironically notes that “92 percent of small-practice EHR [Electronic Health Record] users who switched to a cloud-based EHR from a server in the last six months feel their chances of a major patient record data breach are lowered….”

    1. Dissent says:
      March 23, 2016 at 3:51 pm

      Yeah, that was last year. Before all the misconfigured mongoDB installations and other cloud-based incidents. A cloud server is just someone else’s server… no safer than your own.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.