News

Primary Care Clinic Network Suffers Healthcare Data Breach, 233K Impacted

A Texas-based network of primary care clinics, Family Health Centers, suffered a healthcare data breach involving unauthorized access to some PHI.

Jill McKeon
By
Published: 29 Sep 2022

Texas-based Family Health Centers (FMC), which operates a network of four primary care clinics in Amarillo and Canyon, disclosed a healthcare data breach to HHS. The breach impacted 233,948 individuals in total.

According to a notice on its website, FMC discovered suspicious network activity on July 26 and stopped the incident the same day. FMC said it immediately engaged independent IT security and forensic specialists to investigate the incident.

The investigators have not found evidence that any information has been specifically accessed but could not rule out the possibility. The incident potentially impacted names, mailing addresses, Social Security numbers, dates of birth, and protected health information (PHI).

“We take the security of all information in our control very seriously, and are continuously improving the security of our network environment by monitoring the evolving cyber security landscape and taking appropriate actions,” the notice stated.

“Although we are unaware of any misuse of anyone’s personal information, to help relieve concerns and restore confidence following this incident, we have secured the services of Kroll to provide identity monitoring, at no cost, to affected individuals.”

TN Family Walk-In Clinic Data Security Incident Impacts 58K

Tennessee-based Dryersburg Family Walk-In Clinic, which does business as Reelfoot Family Walk-In Clinic, suffered a data security incident that resulted in information being taken from its systems. According to a notice provided to the Maine Attorney General’s Office, the incident impacted 58,562 individuals.

Reelfoot first detected suspicious activity on July 24 and engaged a third-party forensics specialist. Despite the July 24 discovery, the practice later determined that an unauthorized party had accessed its systems from July 10 to August 14 and had taken certain data. Reelfoot completed its investigation in mid-September.

The information implicated in the incident included names, dates of birth, Social Security numbers, addresses, lab results, disability codes, diagnoses, medications, medical records, driver’s license numbers, claims information, financial account numbers, patient IDs, and other billing information.

“Following this incident, Reelfoot took immediate steps to improve the security of its environment and increase its information security posture,” Reelfoot explained. 

“Reelfoot is working to add further technical safeguards to its systems in addition to robust existing security measures to protect the information it maintains.  As part of its health information privacy and security program, Reelfoot will continue to train and educate its employees about information privacy and security best practices.”

Physician’s Business Office Notifies 196K of April Breach

Physician’s Business Office (PBO), which offers revenue cycle management, practice management, and other administrative services to healthcare, suffered a data breach that impacted 196,573 individuals.

PBO discovered unusual network activity in April 2022, a notice on its website stated. The organization said it took steps to secure its network and notified impacted healthcare providers on July 26. PBO began notifying patients of the incident in mid-September.

During the incident, an unauthorized party accessed and potentially acquired certain PHI. The data potentially included names, addresses, Social Security numbers, driver’s license numbers, diagnosis information, prescription codes, and health insurance account information.

“The privacy and protection of personal information is a top priority for PBO and we deeply regret any inconvenience this incident may cause,” the notice stated.

Next Steps

Dig Deeper on Healthcare data breaches

xtelligent Health IT and EHR
xtelligent Healthtech Analytics
Close