In July, DataBreaches.net reported on a leak it had discovered in June. On September 17, Medico of South Carolina reported a breach to HHS that reportedly impacted 6,489 patients. On December 11, they issued a press release that appears to be related to the same incident.
Medico of South Carolina “(Medico”) is a medical billing company for covered entities. On September 16, 2019, Medico mailed letters to some individuals potentially affected by a security incident.
On June 20, 2019, a security research firm notified Medico that a computer server it uses to store medical information was accessible over the internet. Upon learning of this, Medico immediately began an investigation and terminated all access to the affected server.
A thorough investigation was conducted to determine what happened, who was impacted, and what information may have been affected. This investigation determined the incident was caused by an employee who inadvertently misconfigured the settings, which caused the server to be temporarily accessible from the internet. While Medico has no evidence that the server was accessed by anyone other than the security research firm and Medico employees, the server was used to store information related to patient care, including name, address, date of birth, insurance ID, and physician’s name and address. Social Security numbers and financial information were not stored on the affected server.
At this time, Medico has no evidence that the affected individuals’ information has been misused. However, in an abundance of caution, Medico mailed letters to the potentially affected individuals and established a dedicated phone line for individuals to call with any questions. We recommend that you view the statements you receive from your healthcare provider and insurer. If you see services that you did not receive, please notify the provider immediately.
Individuals who believe they are affected by this incident but who did not receive a letter are encouraged to call 855-939-0542, Monday through Friday, 9:00 a.m. to 9:00 p.m. Eastern Standard Time. To help prevent a similar incident from happening in the future, Medico has reconfigured the server so that this information is no longer accessible from the internet and added additional security to its internet-based storage platforms. Medico is also providing additional and ongoing staff data security training and reviewing existing security and privacy policies to enhance the security protections it already has in place.
Medico deeply regrets any inconvenience caused by this incident.
About Medico of South Carolina
Medico of South Carolina is a 20+ year old healthcare technology and management company based in South Carolina. For more information, call 1-803-233-7876, email [email protected], or visit https://medicoinc.com/.
SOURCE Medico of South Carolina
