Precision Spine Care said hackers attempted to siphon company funds after accessing employee email account

Precision Spine Care, a Texas-based spinal care center, has warned of a potential data breach after an unauthorized individual gained remote access to an employee’s email account in an attempt to fraudulently divert funds from the organization.

The company, which has facilities in the cities of Tyler, Longview, Lufkin, Texarkana, and Nacogdoches, has become one of the first US healthcare companies to flag a potential data breach in 2021, in line with HIPAA requirements.

“Although there is no indication that any information was accessed, in an abundance of caution, we have taken steps to notify all potentially affected individuals and to provide resources to assist you,” Precision Spine Care told patients in a recent security alert.


Read more of the latest US cybersecurity news


While the healthcare organization said the attacker’s attempt to defraud the company was unsuccessful, a subsequent investigation led to the discovery that “personal information within the email account… could have been accessed”.

The company added: “Our investigation revealed that the [employee’s] email account may have contained information relating to some patients’ names, addresses, dates of birth, and limited health information.

“While we have no indication that this information was viewed by the unauthorized individual(s), we are notifying you because we cannot conclusively rule out that possibility.”

In addition to the prominent security alert on its website, Precision said patients were being notified of the incident via mail.

A filing on the US Department of Health and Human Services’ breach portal indicates that just over 20,000 individuals are potentially impacted.

The Daily Swig has contacted Precision Spine Care with follow-up questions.


READ MORE GenRx Pharmacy ransomware attack leads to HIPAA data breach disclosure