DataBreaches.Net


Two more medical groups notifying patients of Bizmatics security incident

Posted on June 10, 2016 by Dissent

Unbelievable. Entities are still first notifying patients of the Bizmatics, Inc. breach.

The North Ottawa Community Health System says it is erring on the side of caution following notification that the third-party electronic medical record company it uses for primary care patients might have had its computer servers breached.

NOCHS spokeswoman Jen VanSkiver said the local health system was notified that a software company called Bizmatics may have had an unauthorized user access its servers. The California-based company serves thousands of professionals and organizations across the world.

Read more on Grand Haven Tribune.

It’s not clear when Bizmatics first notified them, but they say they are notifying 20,000 patients. Of note, they say they stopped using Bizmatics three years ago – before the breach began. So what were the terms of their contract with Bizmatics that Bizmatics still had their data and on that server?

But NOCHS is not the only entity notifying patients this week because of the Bizmatics incident. Vincent Vein Center Grand Junction, P.C. is notifying 2,250 of its patients about the incident. Here is their statement from their web site:

Vincent Vein Center Grand Junction, P.C. (“VVC”) uses an electronic health record and practice management tool called PrognoCIS that is owned and operated by a third-party vendor, Bizmatics. Bizmatics recently provided VVC the attached letter indicating that a malicious hacker attacked Bizmatics’ data servers, which resulted in unauthorized access to Bizmatics customers’ records – ours included.

The PrognoCIS tool stores and organizes patient files, so the information that was potentially compromised is the medical record we maintain on you as a patient, such as health visit and treatment information, name, address, health insurance information, other identifying information, and, in some cases, a social security number. No credit card or financial information is stored in your patient file. Furthermore, as you will note in the letter from Bizmatics, Bizmatics has informed us that it has “no evidence that any of [VVC’s] records were in fact accessed or acquired by unauthorized persons, posted online, or otherwise shared in a public manner”.

VVC takes this issue seriously and has been in contact with Bizmatics regarding its investigation and assessment of the situation. Bizmatics informed VVC that it has consulted with law enforcement and has hired an independent cyber forensics firm to investigate and assure the intrusion is contained and the affected systems are better secured.

As noted in Bizmatics’ letter, we have no reason to believe that our patient files were the target of the hackers’ attack on Bizmatics. VVC is examining Bizmatics’ practices and determining whether a continued relationship with Bizmatics is appropriate. VVC will make every attempt to prevent further breaches.

We want to assure that your questions about this incident are answered so we have established a toll free number you can call to address your concerns. That number is 1-855-465-8882. You can also write us at 601 Center Ave, Grand Junction, CO 81501 or [email protected].

Despite there being no evidence that your records were accessed or that identity theft has occurred as a result of the incident, we have included the information enclosed as a resource for you. We sincerely regret that this incident has occurred and thank you for your understanding.

VVC’s notice and Bizmatics’ letter to them indicate that VVC was first notified in December 2015, and then again on March 30, 2016. There seems to be a long delay to notification of patients. I wonder what HHS/OCR will say about that, if anything.

Category: Health Data, Non-U.S., Subcontractor
