Stamford Podiatry Group in Stamford, Connecticut is notifying patients that their network was comprised and electronic health records (EHR) may have been accessed and copied.
Although forensics examination was unable to determine with certainty exactly what data were exfiltrated, Dr. Rui DiMelo, Vice President of Stamford Podiatry Group, informed patients that unauthorized persons obtained “covert” access to their system between February 22 and April 14.
The types of protected health information that may have been accessed included patients’ name, postal and email addresses, telephone number, date of birth, Social Security number, gender, marital status, medical history and treatment information, names of doctors and referring doctors, and insurance information.
Those being notified are being offered one year of services with Equifax Credit Watch.
The number of patients being notified was not disclosed, and the incident is not yet up on HHS’s public breach tool. Nor do they disclose how they became aware of the breach.
UPDATE: When the incident was added to HHS’s breach tool, it indicated that 40,491 were affected by the incident.
But Stamford Podiatry Group isn’t the only medical entity disclosing hacks involving EMR/EHR this past week. Integrated Health Solutions PC in Pennsylvania notified HHS that 19,776 of their patients were notified of a hack. I can find no notice from them yet, though.
Update: I can’t say I’m surpised. The Integrated Health Solutions breach was the Bizmatics, Inc. breach that I’ve blogged about before. Credit to The Morning Call for reporting that. Like this site, they got no response from Bizmatics when they requested more information. As I’ve noted before on Twitter, this is possibly a huge incident, as Bizmatics has 15,000 clients, and we already know that some clients had tens of thousands of patients to notify.