Medical Colleagues of Texas, a physicians’ group in Katy, TX, has discovered that an unauthorized individual gained access to its system containing the records of more than 68,000 patients.
The exact nature of the incident has not been disclosed and an investigation into the security breach is ongoing. The physicians’ group was unaware of how access was gained to its systems at the time of posting the breach notice; however, the investigation into the breach has determined that personnel files and patient medical records have potentially been accessed. Data stored on the compromised system include patients’ names, addresses, Social Security numbers, and health insurance information.
The intrusion was first detected on March 8, 2016, when an office employee noticed unusual activity on the computer network of the obstetrics group. The activity was determined to be caused by an unauthorized individual who had gained remote access to the network.
A computer forensics firm was called in to investigate the security breach. An attorney for the Medical Colleagues of Texas, Lindsay Nickle, issued a statement saying the network has been cleaned and secured and external access to the network has been blocked.
The incident has been reported to law enforcement, which is participating in the investigation, and the breach was reported to the Department of Health and Human Services’ Office for Civil Rights on May 11, 2016. The OCR report indicates 68,631 patients were impacted by the security breach.
All affected patients have now been notified by mail and have been offered complimentary credit monitoring services through Experian.
In response to the breach, Medical Colleagues of Texas has improved its firewall and implemented two-factor authentication controls for remote access to its systems. Changes have also been made to the computer network to improve security, policies and procedures have been updated, and staff have received additional training on data security.