Princeton Pain Management is notifying 4,668 patients of a hack that was detected on November 28. Although they found no evidence that data were removed from their system, protected health information (PHI) was accessed.
From their notification:
What Information Was Involved
We believe that this incident may have affected certain information stored in our systems including names, addresses, telephone numbers, dates of birth, Social Security or Medicare numbers, driver license or government identification numbers, medical and health insurance identifiers, and diagnostic and treatment information.
What We Are Doing
PPM takes the responsibility to safeguard the privacy and security of patient information very seriously. Upon learning of this incident, we promptly commenced an internal investigation and retained a computer forensics firm to assist in the investigation. Additionally, we have reconfigured various components of our network to enhance security and will be reviewing our security processes and updating system protections designed to help prevent this type of incident from recurring in the future.
Notification was made to HHS on January 27.