Family Practice Center, PC Announces Data Breach Affecting Patient’s Protected Health Information | Console and Associates, PC

On July 11, 2022, Family Practice Center, PC (“FPC”) filed a Data Security Incident Notice with the U.S. Department of Health and Human Services, Office for Civil Rights. Clearly, FPC “has suffered an attempted shutdown of its IT operations”, which has made some patient data accessible to an unauthorized party. Specifically, the following types of data were compromised as a result of the FPC breach: names, social security numbers, addresses, medical insurance information, and health and treatment information. Subsequently, FPC filed a formal notice of breach and sent data breach letters to all affected parties. An estimated 83,969 patients were affected by the Family Practice Center, PC data breach.

If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from fraud or identity theft and what legal options are available to you following the Family Medicine Center data breach, please see our recent article on the subject. here.

What we know about the Family Medicine Center data breach

According to the notice provided on the FPC website, as well as information available on the U.S. Department of Health and Human Services, Office for Civil Rights data breach page, on October 11, 2021, FPC was the target of a cyberattack that attempted to shut down its computer systems. FPC reports that the attempt failed. However, because the company had reason to believe that the unauthorized party may have gained access to sensitive patient information, it launched an investigation into the incident.

On May 21, 2022, following its investigation, the Family Medicine Center confirmed that the affected files contained patient data. At this point, FPC has reviewed the compromised files to determine what information was compromised and which patients were affected. Although the information disclosed will vary depending on the individual, it may include your name, social security number, address, medical insurance information, and health and treatment information.

On July 11, 2022, the Family Medicine Center sent data breach letters to everyone whose information was compromised as a result of the recent data security incident. An estimated 83,969 patients were affected by the Family Practice Center, PC data breach.

More information about the Center for Family Medicine, PC

Family Practice Center, PC operates several full-service medical centers in central Pennsylvania and is based in Middleburg, PA. FPC provides a wide range of patient services including primary care, pediatric care, medical imaging, physiotherapy, occupational health, sleep medicine and skin care clinics. Family Practice Center operates over 30 locations in and around Harrisburg, PA, York, PA and Selinsgrove, PA. The Family Medicine Center employs over 750 people and generates approximately $150 million in annual revenue.

What is Protected Health Information?

The Family Practice Center, PC data breach affected a wide range of patient data, including social security numbers, insurance information, health information, and treatment information. Although FPC did not refer to this data as “protected health information” in its data breach notification, based on the company’s statements, the breach resulted in the leaking of the protected health information of affected patients. .

Protected health information is any identifying information relating to a patient’s medical condition or how a patient pays for their health care. For example, blood test results and insurance claim information can both be considered protected health information. However, health information is only taken into account protected if it contains at least one identifier. An identifier is additional data that can be used to identify a patient. Here are some common identifiers:

  • account numbers;

  • Any geographic identifier more specific than a state;

  • Biometric identifiers, including fingerprints;

  • processing dates;

  • Email addresses;

  • fax numbers;

  • Full name or surname with an initial;

  • Full-face images or other identifying photographs;

  • medical record numbers;

  • Telephone numbers; and

  • Social security numbers.

When protected health information is disclosed, anyone can use the data to identify the patient. While this is certainly alarming in itself, the real issues with healthcare data breaches aren’t the most obvious.

The consequences of a medical data breach not only interrupt your life, but can also put your physical health at risk. For example, by stealing a patient’s protected health information, they have enough information to commit identity theft against the patient. While any form of identity theft is serious, identity theft in healthcare is generally harder to solve and costs patients far more than traditional data breaches that only affect information. financial.

Indeed, in addition to the typical risks of fraud and unauthorized transactions, health data breaches endanger the physical health of patients. For example, a hacker can sell a patient’s data to a third party, who then uses the purchased data to obtain medical care on behalf of the victimized patient. In doing so, the “false patient” can provide the attending physicians with information about himself that will end up in the victim’s medical file. For example, a fake patient might give a surgeon a list of past medical procedures, allergies, or current medications. This may result in a patient’s medical record containing inaccurate information.

Healthcare data breaches pose very real risks, and those who fall victim to such a breach should ensure they take the necessary steps to protect themselves.

Comments are closed.