DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Illinois Valley Podiatry Group warned 26,588 patients after contractor hacked (Update1)

Posted on March 23, 2016 by Dissent

So I had missed this item from the Journal Star on March 8th:

The Illinois Valley Podiatry Group, 3322 W. Willow Knolls Drive, has announced that it has became aware of unauthorized access to its computer records, believed to have taken place last year.

The names, addresses and Social Security numbers of patients may have been viewed, according to the medical office.

Law enforcement has been consulted with a cyber forensics firm assisting to make sure the intrusion is contained, the medical group noted.

While unsure what information has been accessed, Illinois Valley recommends that patients remain vigilant for incidents of fraud and identity theft.

[…]

I have yet to find any press release or substitute notice from the practice, but will update this if I find more. Of note, this incident was reported to HHS on March 8 as affecting 26,588 patients.

Not coincidentally, on March 8, Complete Family Foot Care in Nebraska also reported a hacking/IT incident involving EMR. Their incident was reported as affecting 5,883 patients.

Both reports appear to be linked to a common vendor, Bizmatics, Inc.  Complete Family Foot Care’s notice explains:

Like many healthcare providers, our office employs the services of an independent contractor for the management and storage of electronic patient health records. We do so, in part, because doing so generally provides greater security for the information contained in those records. That information may include patient names, addresses, social security numbers, health insurance numbers, diagnoses, and treatments, but does not include credit card numbers or financial and payment information.  Unfortunately, the independent contractor we employ, Bizmatics, Inc., was recently the victim of an unauthorized access to the servers containing those electronic health records. We believe that that unauthorized access occurred sometime in 2015. We were notified regarding the incident by letter in the first week of January, 2016.

Following that unauthorized access, Bizmatics immediately began working with law enforcement and data security experts to secure their servers and the information contained on them.

Because neither incident appears on HHS’s public breach tool as involving a business associate, the public tool entry might seem a bit misleading.

There does not appear to have been any public statement by Bizmatics so it is not known how many other of its clients were also impacted. DataBreaches.net has requested a statement from the firm and will provide updates as more information becomes available.

Update: NTV reports that employees at CHI Good Samaritan Hospital in Kearney, Nebraska have had their personal information stolen due to a third party vendor attack. This may also be Bizmatic, and DataBreaches.net has left a voicemail with the hospital asking them if they can confirm that. (Update: This was not a Bizmatics-related incident. It involved employee data.)

Related posts:

  • 264,000 and counting: Hack of EHR/EMR vendor leaves clients scrambling
  • Eye Associates of Pinellas notifying 87,000 patients of Bizmatics breach (update2)
  • Two more medical groups notifying patients of Bizmatics security incident
  • Pain Treatment Centers of America notifies 19,397 patients of Bizmatics breach
Category: Health DataSubcontractorU.S.

Post navigation

← IE: Patient documents must have ‘blown out of’ doctor’s hand
Chinese National Pleads Guilty to Conspiring to Hack into U.S. Defense Contractors’ Systems to Steal Sensitive Military Information →

2 thoughts on “Illinois Valley Podiatry Group warned 26,588 patients after contractor hacked (Update1)”

  1. Regret says:
    March 23, 2016 at 1:38 pm

    Just spent a few minutes googling info on this. Came across this which ironically notes that “92 percent of small-practice EHR [Electronic Health Record] users who switched to a cloud-based EHR from a server in the last six months feel their chances of a major patient record data breach are lowered….”

    1. Dissent says:
      March 23, 2016 at 3:51 pm

      Yeah, that was last year. Before all the misconfigured mongoDB installations and other cloud-based incidents. A cloud server is just someone else’s server… no safer than your own.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.