Minnesota healthcare provider hit by cyber-attack

Data breach at US physical therapy center impacts more than 6,500 patients

A data breach at a physical therapy center based in the US has breached the personal data of more than 6,500 patients.

Viverant PT, based in Minneapolis, Minnesota, said that the personally identifiable information (PII) of current and former patients and employees was affected in the breach.

A wealth of healthcare information is reported to have been leaked, including patient names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and medical record numbers.

Other potentially accessed data includes diagnostic or treatment information, payment card numbers with passwords or security codes, health insurance information, financial account numbers with or without passwords or routing numbers, and digital signatures.

Suspicious emails

In a statement, the center said that it became aware of an issue in March 2021 after “suspicious emails” were sent from an employee’s account.

“Once aware of the incident, we immediately investigated the matter and took measures to address and contain the incident, including changing passwords, enacting stricter authentication requirements, conducting employee trainings, and retaining national privacy and security experts,” the center wrote.

Read more of the latest data breach news

The center said that there is “no indication that any information was individually accessed or misused in any way”.

Although the data breach was discovered in March 2021, the incident has only just appeared on the US Department of Health and Human Services’ HIPAA breach portal.

The Daily Swig has reached out to Viverant to ask about this apparent delay.

Credit monitoring

Viverant is offering free credit monitoring services for anyone suspected to be affected and has urged potential victims to be “vigilant” in monitoring their financial accounts.

The incident has been reported to “relevant government agencies”, the healthcare provider confirmed.

YOU MAY ALSO LIKE US policy change states healthcare apps must follow data breach notification rules