DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Illinois Valley Podiatry Group warned 26,588 patients after contractor hacked (Update1)

Posted on March 23, 2016 by Dissent

So I had missed this item from the Journal Star on March 8th:

The Illinois Valley Podiatry Group, 3322 W. Willow Knolls Drive, has announced that it has became aware of unauthorized access to its computer records, believed to have taken place last year.

The names, addresses and Social Security numbers of patients may have been viewed, according to the medical office.

Law enforcement has been consulted with a cyber forensics firm assisting to make sure the intrusion is contained, the medical group noted.

While unsure what information has been accessed, Illinois Valley recommends that patients remain vigilant for incidents of fraud and identity theft.

[…]

I have yet to find any press release or substitute notice from the practice, but will update this if I find more. Of note, this incident was reported to HHS on March 8 as affecting 26,588 patients.

Not coincidentally, on March 8, Complete Family Foot Care in Nebraska also reported a hacking/IT incident involving EMR. Their incident was reported as affecting 5,883 patients.

Both reports appear to be linked to a common vendor, Bizmatics, Inc.  Complete Family Foot Care’s notice explains:

Like many healthcare providers, our office employs the services of an independent contractor for the management and storage of electronic patient health records. We do so, in part, because doing so generally provides greater security for the information contained in those records. That information may include patient names, addresses, social security numbers, health insurance numbers, diagnoses, and treatments, but does not include credit card numbers or financial and payment information.  Unfortunately, the independent contractor we employ, Bizmatics, Inc., was recently the victim of an unauthorized access to the servers containing those electronic health records. We believe that that unauthorized access occurred sometime in 2015. We were notified regarding the incident by letter in the first week of January, 2016.

Following that unauthorized access, Bizmatics immediately began working with law enforcement and data security experts to secure their servers and the information contained on them.

Because neither incident appears on HHS’s public breach tool as involving a business associate, the public tool entry might seem a bit misleading.

There does not appear to have been any public statement by Bizmatics so it is not known how many other of its clients were also impacted. DataBreaches.net has requested a statement from the firm and will provide updates as more information becomes available.

Update: NTV reports that employees at CHI Good Samaritan Hospital in Kearney, Nebraska have had their personal information stolen due to a third party vendor attack. This may also be Bizmatic, and DataBreaches.net has left a voicemail with the hospital asking them if they can confirm that. (Update: This was not a Bizmatics-related incident. It involved employee data.)

No related posts.

Category: Health DataSubcontractorU.S.

Post navigation

← IE: Patient documents must have ‘blown out of’ doctor’s hand
Chinese National Pleads Guilty to Conspiring to Hack into U.S. Defense Contractors’ Systems to Steal Sensitive Military Information →

2 thoughts on “Illinois Valley Podiatry Group warned 26,588 patients after contractor hacked (Update1)”

  1. Regret says:
    March 23, 2016 at 1:38 pm

    Just spent a few minutes googling info on this. Came across this which ironically notes that “92 percent of small-practice EHR [Electronic Health Record] users who switched to a cloud-based EHR from a server in the last six months feel their chances of a major patient record data breach are lowered….”

    1. Dissent says:
      March 23, 2016 at 3:51 pm

      Yeah, that was last year. Before all the misconfigured mongoDB installations and other cloud-based incidents. A cloud server is just someone else’s server… no safer than your own.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen
  • Iranian and Pro-Regime Cyberattacks Against Americans (2011-Present)
  • Nigerian National Pleads Guilty to International Fraud Scheme that Defrauded Elderly U.S. Victims
  • Nova Scotia Power Data Breach Exposed Information of 280,000 Customers
  • No need to hack when it’s leaking: Brandt Kettwick Defense edition
  • SK Telecom to be fined for late data breach report, ordered to waive cancellation fees, criminal investigation into them launched
  • Louis Vuitton Korea suffers cyberattack as customer data leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law
  • US healthcare offshoring: Navigating patient data privacy laws and regulations
  • Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones
  • Google Trackers: What You Can Actually Escape And What You Can’t

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.