Connexin Software, a business associate to numerous pediatric practices, recently notified HHS that it experienced a breach that affected 2,216,365 patients.
One thing DataBreaches noted with interest in their substitute notice below is their statement that an unauthorized individual was able to access an offline set of patient data used for data conversion and troubleshooting. If the data set was offline, how did the attacker gain access to it? Nor does the notice indicate whether Connexin ever received any ransom demand.
The following is their statement and list of covered entities for whom they are providing notice to patients. Some of Connexin’s clients may have decided to do provide their own notifications, so the 2.2 million number may not be not the grand total for those affected:
Connexin Software, Inc. (Connexin), a provider of electronic medical records and practice management software, billing services, and business analytic tools to pediatric physician practice groups, is providing notice that an unauthorized third party was able to gain access to an internal computer network. The live electronic medical record was not accessed and the incident did not affect any pediatric practice groups’ systems, databases, or medical records system at all.
On August 26, 2022, Connexin detected a data anomaly on our internal network. We immediately launched an investigation and engaged third-party forensic experts to determine the nature and scope of the incident. On September 13, 2022, we learned that an unauthorized party was able to access an offline set of patient data used for data conversion and troubleshooting. Some of that data was removed by the unauthorized party. The live electronic record system was not accessed in this incident, and the incident did not involve any physician practice group’s systems, databases, or medical records system at all. Connexin is not aware of any actual or attempted misuse of personal information as a result of this event.
The patient information may have included: (1) patient demographic information (such as patient name, guarantor name, parent/guardian name, address, email address, and date of birth); (2) Social Security Numbers (“SSNs”), (3) health insurance information (payer name, payer contract dates, policy information including type and deductible amount and subscriber number); (4) medical and/or treatment information (dates of service, location, services requested or procedures performed, diagnosis, prescription information, physician names, and Medical Record Numbers); and (5) billing and/or claims information (invoices, submitted claims and appeals, and patient account identifiers used by your provider). Please note that not all data fields may have been involved for all individuals. Information of a parent, guardian, or guarantor may also have been impacted by the incident.
Data security is very important to us. As soon as we discovered the incident, we immediately took action to stop the unauthorized activity. This included a password reset of all corporate accounts and moving all patient data used for data conversion and troubleshooting into an environment with even greater security. Connexin also retained a third-party cybersecurity forensic firm to investigate the issue and is working with law enforcement to investigate the incident. In response to this incident, Connexin has enhanced its security and monitoring as well as further hardened its systems as appropriate to minimize the risk of any similar incident in the future.
The enclosed Reference Guide includes additional information on general steps you can take to monitor and protect your child’s personal information. We encourage you to carefully review credit reports and statements sent from providers as well as your insurance company to ensure that all account activity is valid; any questionable charges should be promptly reported to the provider’s billing office, or for insurance statements, to your insurance company.
If your child’s SSN was impacted, Connexin has arranged to offer your child identity monitoring services for a period of one year, at no cost to you, through Kroll (our third party vendor). You have 6 months from the date of your notice letter to activate these services, and instructions on how to activate these services are included in your notice letter.
Individuals who may have been impacted by this event are being mailed notices. Since it is possible there may be insufficient or out-of-date contact information for some individuals whose information was impacted, this notice is also accessible via Connexin’s website at https://www.officepracticum.com/substitute-notice/ and the affected physician practice groups’ websites, consistent with HIPAA.
If you have any questions about this matter or would like additional information, please refer to the enclosed Reference Guide, or call toll-free 855-532-0912. This call center is open from 8:00am – 5:30pm CT, Monday through Friday, excluding some U.S. holidays.
We sincerely regret and apologize that this incident occurred. Connexin takes the security of personal information seriously, and we will continue to work diligently to protect the information entrusted to us.
This notice is being provided on behalf of the following physician practices/practice groups:
| ABC Pediatrics Practice, PC
Academy Pediatrics, PA Advanced Care Pediatric Centre, PLLC Alice Tanner, M.D., PC All Star Pediatrics, LLC Angel Kids Pediatrics Arlington Pediatric Partners, PLLC d/b/a Kids Docs Pediatrics Ascension Medical Group f/k/a Pediatric Associates, PA August Pediatrics, PA Austex Pediatrics, PA Bristow Pediatrics, PLLC Cecilia A Nwankwo, M.D. FAAP, PC Carolina Pediatrics and Adolescent Care, PA Casey Thomas Mulcihy Austin Texas, PA Central Coast Pediatrics, Inc. Children’s Clinic, Ltd. Children’s Health Center of Columbus, Inc. Children’s Health of Ocala, PA Children’s Mercy – Pediatric Partners, Inc. Children’s Mercy – Shawnee Mission Pediatrics Children’s Pediatric Center Northside, LLC Community Pediatrics, SC Cordova Pediatrics, PLLC Crockett Kids Pediatrics, PC Discovery Pediatrics, Inc. Dr. Michael J Ulich Pediatrics, LLC Drexel Hill Pediatric Associates, PC Eastern Carolina Pediatrics, PA Eastern Shore Children’s Clinic, PC Ekta Khurana, M.D., PLLC Emily B. Vigour, M.D., LLC d/b/a Vigour Pediatrics Ennis Pediatric and Adolescent Health Care, PA Forest Hill Pediatrics, LLC MD Fox Pediatrics, PLLC Fraser-Branche Medical, PLLC Gaurang Patel, M.D., LLC Gold Pediatrics, PA Goldsboro Pediatrics, PA Goodlettsville Pediatrics, PC Graham Pediatrics of Woodstock, LLC Great Bend Children’s Clinic, PA Harbor Pediatrics, PS Hatboro Pediatrics, PC Hawthorne Pediatrics, LLC Hebron Pediatrics, LLC Heights Pediatrics, PC Helena Pediatric Clinic, PC Holmdel Pediatrics, LLC Honeygo Pediatrics, LLC Jackson Pediatric Associates, PA Jaleh Niazi, M.D., PC d/b/a New Day Pediatrics James A. Weidman, AMC Jose F. Alvarado & Associates, PA Kate Bowers, M.D., PLLC d/b/a Firefly Pediatrics Kerrville Pediatrics, PLLC Kids First Pediatric Care, PA Kids Kare Pediatrics, PLLC Kids World Pediatrics, LLC
|
Kidswood Pediatrics, Inc.
Kidzcare Pediatrics, PC KION Pediatrics, PLLC Kressly Pediatrics, PC Lilac City Pediatrics, PA Madison Pediatric Associates, PC Maria Luisa Lira, M.D., PA Mariano D. Cibran, M.D., Inc. d/b/a St. Petersburg Pediatrics Maryland Pediatric Care, LLC Maryvale Pediatric Specialists, LLC Mayura Madani, M.D., PLLC McComb Children’s Clinic, Ltd. Northeast Pediatric Night Clinic, Inc. Oregon City Pediatrics Orland Children’s Center, Inc. Passaic Pediatrics II, PA Pediatric Associates, PSC Pediatric Associates of Lawrenceville, LLC Pediatric Care Center No. 2, Inc. Pediatric Center for Wellness, PC Pediatric Health Center of El Paso Pediatric Healthcare Associates of McKinney Pediatric Medicine of Cartersville, PC Pediatric MultiCare West, LLC Pediatric Physicians of Reston, PC Pediatrics East, PC Peds First Pediatrics Pensacola Pediatrics PA Petoskey Pediatrics PC Phillips Pediatrics, PC Premiere Pediatrics, PLLC QC Kidz Pediatrics, PLLC Rachel Z. Chatters, M.D., Inc Raleigh Group, PC Rankin Children’s Group, PLLC Raza Ali, MD, PC Reading Pediatrics, Inc. Renaissance Pediatrics, P.C. Ruth Agwuna, M.D. Samuel R Williams, M.D., PA San Marino Pediatric Associates SchoolCare, Inc. f/k/a CareDox, Inc. SCS LLC d/b/a Bayshore Pediatrics Sistema Infantil Teleton USA, Inc. a/k/a CRITS South River Pediatrics, LLC Springfield Medical, LLC Sumter Pediatrics, LLC Texoma Pediatrics, PLLC The Pediatric & Adolescent Clinic, Inc. The Pediatric Center of Frederick, LLC Thomasville-Archedale Pediatrics, PLLC Thompson River Pediatrics and Urgent Care, LLC Valley Children’s Medical Group Virginia Pediatric Group, Ltd. Watch Us Grow Pediatrics, PC We Care Pediatrics, PC Wee Tots Pediatrics, PA Westview Pediatric Care, LLC Winsted Pediatrics Yazji Pediatrics Zero Pediatrics, PLLC |