DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Valley Anesthesiology and Pain Consultants Notifying 882,590 Patients PLUS all Employees and Providers of Security Incident

Posted on August 12, 2016 by Dissent

If you can’t prove there was no access, the presumption is that it’s a reportable breach.

Today, Valley Anesthesiology and Pain Consultants (VAPC) announced that it is addressing a security incident involving certain patient, provider and employee information. VAPC is providing notice to approximately 882,590 patients, and all current and former employees and providers, who may have been affected by the incident and offering free credit monitoring and identity protection services to those individuals whose social security numbers or Medicare numbers were included in the incident.

On June 13, 2016, VAPC learned that a third party may have gained unauthorized access to VAPC computer systems on March 30, 2016. Upon learning of the situation, the group immediately began an investigation, including hiring a leading forensics firm to assist in the investigation and notifying law enforcement. The forensics firm found no evidence that the information on the computer systems was accessed, but was unable to definitively rule that out. The computer systems may contain patient information, such as patient names, their providers’ names, dates of service, places of treatment, names of health insurers, insurance identification numbers, diagnosis and treatment codes, and in some instances, social security numbers. For providers, the computer systems included credentialing information, such as names, dates of birth, social security numbers, professional license numbers, Drug Enforcement Agency (DEA) numbers, National Provider Identifiers (NPIs), as well as bank account information and potentially other financial information. For employees, the computer systems included names, dates of birth, addresses, social security numbers, bank account information and financial information, such as tax information.

Currently, VAPC has no evidence that any of the information has been accessed or used inappropriately. However, the group is proactively reaching out to impacted individuals to provide guidance on how they can protect themselves. More information is available on VAPC’s website: https://www.valley.md/securityupdate. Individuals with questions should call 1-888-839-9460, 6 a.m. – 6 p.m. Pacific Time, Monday-Friday.

VAPC recognizes the importance of protecting the privacy and security of personal information, and regrets any inconvenience or concern this incident may cause. In addition to security safeguards already in place, VAPC is taking steps to enhance the security of its computer systems in order to prevent this type of incident from occurring again in the future. These steps include reviewing its security processes, strengthening its network firewalls, and continuing to incorporate best practices in IT security.

About Valley Anesthesiology and Pain Consultants

Valley Anesthesiology and Pain Consultants is one of the nation’s premier providers of anesthesia and pain management services; a group of 300 anesthesiology and interventional pain management providers nationally recognized for its commitment to the highest standards of patient care, serving patients and their physicians throughout the Greater Phoenix area, since 1983. Valley Anesthesiology and Pain Consultants is a subsidiary of Sheridan Healthcorp, Inc., and part of the Physician Services division of AmSurg Corp.

SOURCE: Valley Anesthesiology and Pain Consultants

See their web site for updates.

Related posts:

  • HHS Office for Civil Rights Imposes a $1.19 Million Penalty Against Gulf Coast Pain Consultants for HIPAA Security Rule Violations
  • 2016: Healthcare data breaches in review, Part 1
Category: Health DataOf NoteU.S.

Post navigation

← Sabinsa sues former employee for data theft
Four years later, case still open in SC Dept. of Revenue data breach →

2 thoughts on “Valley Anesthesiology and Pain Consultants Notifying 882,590 Patients PLUS all Employees and Providers of Security Incident”

  1. Dawn says:
    August 16, 2016 at 8:31 pm

    I got a letter today. I’ve never heard of this company, I have NEVER seen a pain consultant, and I haven’t had surgery/anesthesia for over 20 years. I called to ask why I’m getting this letter and had to spell my name to the customer service person THREE TIMES and she still got my name wrong – my first name is only four letters long and very common, I have no idea why this was such a challenge for her. This seems a little suspicious to me – so very peculiar.

    1. Jim Dority says:
      August 18, 2016 at 3:43 am

      Did you ever have any kind of impatient or outpatient procedure or have a child at a hospital? Looks like anesthesiologists contract at different hospital or doctors offices. I’m guessing if they’ve been around 20 years, they still had your info.

Comments are closed.

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.