Arizona Pain Clinic Notifies 900K Patients, Providers and Employees about Information Security Incident | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Arizona Pain Clinic Notifies 900K Patients, Providers and Employees about Information Security Incident

August 17, 2016
by Heather Landi
| Reprints
Click To View Gallery

Phoenix-based Valley Anesthesiology and Pain Consultants is notifying 882,592 patients and all current and former employees and providers about an information security incident due to a third party possibly gaining unauthorized access to its computer systems.

The pain clinic, which is comprised of 300 anesthesiology and interventional pain management providers, posted a notice on its website regarding an incident involving patient information. According to that notice, on June 13, 2016, Valley Anesthesiology and Pain Consultants (VAPC) learned that a third party may have gained unauthorized access to the VAPC computer systems on March 30, 2016. “Upon learning of the situation, VAPC immediately began an investigation, including hiring a leading forensic firm, and notifying law enforcement,” the notice stated.

“The forensics firm found no evidence that the information on the computer system was accessed, but was unable to definitely rule that out,” the notice stated.

According to a press release that VAPC released August 12 about the same security incident, the computer systems may contain patient information, such as patient names, their providers' names, dates of service, places of treatment, names of health insurers, insurance identification numbers, diagnosis and treatment codes, and in some instances, social security numbers.

For providers, the computer systems included credentialing information, such as names, dates of birth, social security numbers, professional license numbers, Drug Enforcement Agency (DEA) numbers, National Provider Identifiers (NPIs), as well as bank account information and potentially other financial information. For employees, the computer systems included names, dates of birth, addresses, social security numbers, bank account information and financial information, such as tax information.

The pain clinic also said that there is no evidence that any patient information was accessed or used inappropriately.

VAPC also stated in the press release that the organization is taking steps to enhance the security of its computer systems in order to prevent this type of incident from occurring again in the future. These steps include reviewing its security processes, strengthening its network firewalls, and continuing to incorporate best practices in IT security.

The pain clinic also is offering free credit monitoring and identity protection services to those individuals whose social security numbers or Medicare numbers were included in the incident.

Get the latest information on Cybersecurity and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Former Michigan Governor to Serve as Chair of DRIVE Health

Former Michigan Governor John Engler will serve as chair of the DRIVE Health Initiative, a campaign aimed at accelerating the U.S. health system's transition to value-based care.

NJ Medical Group Launches Statewide HIE, OneHealth New Jersey

The Medical Society of New Jersey (MSNJ) recently launched OneHealth New Jersey, a statewide health information exchange (HIE) that is now live.

Survey: 70% of Providers Using Off-Premises Computing for Some Applications

A survey conducted by KLAS Research found that 70 percent of healthcare organizations have moved at least some applications or IT infrastructure off-premises.

AMIA Warns of Tax Bill’s Impact on Graduate School Programs in Informatics

Provisions in the Republican tax bill that would count graduate student tuition waivers as taxable income would have detrimental impacts on the viability of fields such as informatics, according to the American Medical Informatics Association.

Appalachia Project to Study Relationship Between Increased Broadband Access, Improved Cancer Care

The Federal Communications Commission and the National Cancer Institute have joined forces to focus on how increasing broadband access and adoption in rural areas can improve the lives of rural cancer patients.

Survey: By 2019, 60% of Medicare Revenues will be Tied to Risk

Medical groups and health systems that are members of AMGA (the American Medical Group Association) expect that nearly 60 percent of their revenues from Medicare will be from risk-based products by 2019, according to the results from a recent survey.