Arizona Pain Clinic Notifies 900K Patients, Providers and Employees about Information Security Incident | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Arizona Pain Clinic Notifies 900K Patients, Providers and Employees about Information Security Incident

August 17, 2016
by Heather Landi
| Reprints
Click To View Gallery

Phoenix-based Valley Anesthesiology and Pain Consultants is notifying 882,592 patients and all current and former employees and providers about an information security incident due to a third party possibly gaining unauthorized access to its computer systems.

The pain clinic, which is comprised of 300 anesthesiology and interventional pain management providers, posted a notice on its website regarding an incident involving patient information. According to that notice, on June 13, 2016, Valley Anesthesiology and Pain Consultants (VAPC) learned that a third party may have gained unauthorized access to the VAPC computer systems on March 30, 2016. “Upon learning of the situation, VAPC immediately began an investigation, including hiring a leading forensic firm, and notifying law enforcement,” the notice stated.

“The forensics firm found no evidence that the information on the computer system was accessed, but was unable to definitely rule that out,” the notice stated.

According to a press release that VAPC released August 12 about the same security incident, the computer systems may contain patient information, such as patient names, their providers' names, dates of service, places of treatment, names of health insurers, insurance identification numbers, diagnosis and treatment codes, and in some instances, social security numbers.

For providers, the computer systems included credentialing information, such as names, dates of birth, social security numbers, professional license numbers, Drug Enforcement Agency (DEA) numbers, National Provider Identifiers (NPIs), as well as bank account information and potentially other financial information. For employees, the computer systems included names, dates of birth, addresses, social security numbers, bank account information and financial information, such as tax information.

The pain clinic also said that there is no evidence that any patient information was accessed or used inappropriately.

VAPC also stated in the press release that the organization is taking steps to enhance the security of its computer systems in order to prevent this type of incident from occurring again in the future. These steps include reviewing its security processes, strengthening its network firewalls, and continuing to incorporate best practices in IT security.

The pain clinic also is offering free credit monitoring and identity protection services to those individuals whose social security numbers or Medicare numbers were included in the incident.

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Survey: Infrastructure, Interoperability Key Barriers to Global HIT Development

A new survey report from Black Book Research on global healthcare IT adoption and records systems connectivity finds nations in various phases of regional electronic health record (EHR) adoption. The survey results also reveal rapidly advancing opportunities for U.S.-based and local technology vendors.

Penn Medicine Opens Up Telehealth Hub

Philadelphia-based Penn Medicine has opened its Center for Connected Care to centralize the health system’s telemedicine activities.

Roche to Pay $1.9B for Flatiron Health

Switzerland-based pharmaceutical company Roche has agreed to pay $1.9 billion to buy New York-based Flatiron Health Inc., which has both an oncology EHR and data analytics platform.

Financial Exec Survey: Interoperability Key Obstacle to Value-Based Payment Models

Momentum continues to grow for value-based care as nearly three-quarters of healthcare executives report their organizations have achieved positive financial results from value-based payment programs, to date, according to a new study from the Healthcare Financial Management Association (HFMA).

Cerner, Children's National to Help UAE Pediatric Center with Health IT

Al Jalila Children's Specialty Hospital, the only pediatric hospital in the United Arab Emirates, has entered into an agreement with Washington, D.C.-based Children's National Health System to form a health IT strategic partnership.

Telemedicine Association Names New CEO

The American Telemedicine Association (ATA) has named Ann Mond Johnson its new CEO, replacing Jon Linkous who stepped down suddenly last August after 24 years as the organization’s CEO.