Unauthorized intruder exfiltrated personal data over a six-day period
More than half a million patients have been impacted by a data breach at US healthcare provider Texas Ear, Nose and Throat Specialists (Texas ENT).
After learning of a security compromise on October 19, Texas ENT “determined that unauthorized parties gained access to our computer systems and took copies of Texas ENT files between August 9, 2021 and August 15, 2021”, reads a security alert (PDF) from the healthcare specialist.
The breached data includes patient names, dates of birth, medical record numbers, procedure codes used for billing purposes, and, for only “a limited number of files”, Social Security numbers.
Catch up with the latest healthcare breaches and security news
The unauthorized intruders did not access the company’s electronic medical records system, Texas ENT stressed.
Texas ENT notified the US Department of Health and Human Services on December 10
that 535,489 individuals were potentially impacted by the breach, which makes it the biggest data breach reported to the agency in December so far.
Urging vigilance
Texas ENT provides specialist care for all ear, nose, and throat problems at 15 locations in Harris and the surrounding counties.
Data breach notification letters were mailed to affected individuals on December 10, the healthcare provider said.
It also urged patients to be vigilant about fraudsters in the wake of the breach: “It is always advisable to review the statements from healthcare providers for accuracy, and we recommend contacting your provider if you see services that were not received”, the organization advised.
READ MORE Web security bugs discovered in CATIE assisted living framework
Texas ENT said it is offering complimentary identity monitoring services to victims whose Social Security numbers were compromised.
“We take patient privacy very seriously and we regret any inconvenience this incident may cause our patients and their families,” said Texas ENT.
“To help prevent something like this from happening again, we are further strengthening our existing privacy and information security program by implementing additional safeguards and technical security measures to protect and monitor our systems.”
The Daily Swig has contacted Texas ENT and invited the company to comment further. We will update the story if they choose to do so.
RELATED Desjardins data breach: Class action lawsuit agreement reaches $201 million