If you can’t prove there was no access, the presumption is that it’s a reportable breach.
Today, Valley Anesthesiology and Pain Consultants (VAPC) announced that it is addressing a security incident involving certain patient, provider and employee information. VAPC is providing notice to approximately 882,590 patients, and all current and former employees and providers, who may have been affected by the incident and offering free credit monitoring and identity protection services to those individuals whose social security numbers or Medicare numbers were included in the incident.
On June 13, 2016, VAPC learned that a third party may have gained unauthorized access to VAPC computer systems on March 30, 2016. Upon learning of the situation, the group immediately began an investigation, including hiring a leading forensics firm to assist in the investigation and notifying law enforcement. The forensics firm found no evidence that the information on the computer systems was accessed, but was unable to definitively rule that out. The computer systems may contain patient information, such as patient names, their providers’ names, dates of service, places of treatment, names of health insurers, insurance identification numbers, diagnosis and treatment codes, and in some instances, social security numbers. For providers, the computer systems included credentialing information, such as names, dates of birth, social security numbers, professional license numbers, Drug Enforcement Agency (DEA) numbers, National Provider Identifiers (NPIs), as well as bank account information and potentially other financial information. For employees, the computer systems included names, dates of birth, addresses, social security numbers, bank account information and financial information, such as tax information.
Currently, VAPC has no evidence that any of the information has been accessed or used inappropriately. However, the group is proactively reaching out to impacted individuals to provide guidance on how they can protect themselves. More information is available on VAPC’s website: https://www.valley.md/securityupdate. Individuals with questions should call 1-888-839-9460, 6 a.m. – 6 p.m. Pacific Time, Monday-Friday.
VAPC recognizes the importance of protecting the privacy and security of personal information, and regrets any inconvenience or concern this incident may cause. In addition to security safeguards already in place, VAPC is taking steps to enhance the security of its computer systems in order to prevent this type of incident from occurring again in the future. These steps include reviewing its security processes, strengthening its network firewalls, and continuing to incorporate best practices in IT security.
About Valley Anesthesiology and Pain Consultants
Valley Anesthesiology and Pain Consultants is one of the nation’s premier providers of anesthesia and pain management services; a group of 300 anesthesiology and interventional pain management providers nationally recognized for its commitment to the highest standards of patient care, serving patients and their physicians throughout the Greater Phoenix area, since 1983. Valley Anesthesiology and Pain Consultants is a subsidiary of Sheridan Healthcorp, Inc., and part of the Physician Services division of AmSurg Corp.
SOURCE: Valley Anesthesiology and Pain Consultants
I got a letter today. I’ve never heard of this company, I have NEVER seen a pain consultant, and I haven’t had surgery/anesthesia for over 20 years. I called to ask why I’m getting this letter and had to spell my name to the customer service person THREE TIMES and she still got my name wrong – my first name is only four letters long and very common, I have no idea why this was such a challenge for her. This seems a little suspicious to me – so very peculiar.
Did you ever have any kind of impatient or outpatient procedure or have a child at a hospital? Looks like anesthesiologists contract at different hospital or doctors offices. I’m guessing if they’ve been around 20 years, they still had your info.