DataBreaches.Net

Two more medical groups notifying patients of Bizmatics security incident

Posted on June 10, 2016 by Dissent

Unbelievable. Entities are still first notifying patients of the Bizmatics, Inc. breach.

The North Ottawa Community Health System says it is erring on the side of caution following notification that the third-party electronic medical record company it uses for primary care patients might have had its computer servers breached.

NOCHS spokeswoman Jen VanSkiver said the local health system was notified that a software company called Bizmatics may have had an unauthorized user access its servers. The California-based company serves thousands of professionals and organizations across the world.

Read more on Grand Haven Tribune.

It’s not clear when Bizmatics first notified them, but they say they are notifying 20,000 patients. Of note, they say they stopped using Bizmatics three years ago – before the breach began. So what were the terms of their contract with Bizmatics that Bizmatics still had their data and on that server?

But NOCHS is not the only entity notifying patients this week because of the Bizmatics incident. Vincent Vein Center Grand Junction, P.C. is notifying 2,250 of its patients about the incident. Here is their statement from their web site:

Vincent Vein Center Grand Junction, P.C. (“VVC”) uses an electronic health record and practice management tool called PrognoCIS that is owned and operated by a third-party vendor, Bizmatics. Bizmatics recently provided VVC the attached letter indicating that a malicious hacker attacked Bizmatics’ data servers, which resulted in unauthorized access to Bizmatics customers’ records – ours included.

The PrognoCIS tool stores and organizes patient files, so the information that was potentially compromised is the medical record we maintain on you as a patient, such as health visit and treatment information, name, address, health insurance information, other identifying information, and, in some cases, a social security number. No credit card or financial information is stored in your patient file. Furthermore, as you will note in the letter from Bizmatics, Bizmatics has informed us that it has “no evidence that any of [VVC’s] records were in fact accessed or acquired by unauthorized persons, posted online, or otherwise shared in a public manner”.

VVC takes this issue seriously and has been in contact with Bizmatics regarding its investigation and assessment of the situation. Bizmatics informed VVC that it has consulted with law enforcement and has hired an independent cyber forensics firm to investigate and assure the intrusion is contained and the affected systems are better secured.

As noted in Bizmatics’ letter, we have no reason to believe that our patient files were the target of the hackers’ attack on Bizmatics. VVC is examining Bizmatics’ practices and determining whether a continued relationship with Bizmatics is appropriate. VVC will make every attempt to prevent further breaches.

We want to assure that your questions about this incident are answered so we have established a toll free number you can call to address your concerns. That number is 1-855-465-8882. You can also write us at 601 Center Ave, Grand Junction, CO 81501 or [email protected].

Despite there being no evidence that your records were accessed or that identity theft has occurred as a result of the incident, we have included the information enclosed as a resource for you. We sincerely regret that this incident has occurred and thank you for your understanding.

VVC’s notice and Bizmatics’ letter to them indicate that VVC was first notified in December 2015, and then again on March 30, 2016. There seems to be a long delay to notification of patients. I wonder what HHS/OCR will say about that, if anything.

Category: Health Data, Non-U.S., Subcontractor
