Podiatry office hack puts 40,000 patient records and PHI at risk

A Connecticut podiatry office has notified 40,491 patients that cybercriminals may have compromised their protected health information by accessing its EHR database.

Stamford Podiatry Group P.C. said in a letter to its patients that an unauthorized third party gained access to its computer systems February 22, 2016. The breach lasted until April 14, 2016, when it was discovered and closed.

EHR data potentially accessed includes names, addresses, dates of birth, email addresses, telephone numbers, Social Security numbers, health insurance information, names of treating and referring physicians, and patients' gender and marital status. Medical histories, diagnoses, and details of treatments were also stored in the EHR database and may have been accessed as well.

"Although we have not been able to confirm that your personal information was accessed and copied, we have not been able to rule out that possibility and encourage you to take protective measures," Stamford Podiatry wrote.

[Also: Hackers demand second ransom in Kansas Heart Hospital ramsomware attack]

The group hired external computer forensics experts to assist with the investigation and has since retained them to provide continued cybersecurity assistance.

Stamford Podiatry Group explained that an investigation determined there is no evidence to suggest that data was actually viewed or copied and it has not received any reports of patients' information being used inappropriately.

To help protect patients' identity, Stamford Podiatry Group has offered all affected patients a free one-year enrollment in the Equifax Credit Watch credit monitoring service. The service provides regular notifications and alerts, 24/7 customer service, credit monitoring services and insurance against identity theft.

Stamford Podiatry also recommended that patients monitor their accounts carefully for signs of fraudulent activity. 

Twitter: @HC_Finance