Subcontractor Error Exposes 3,100 Alabama Patients' Medical Data
A billing vendor's IT subcontractor mistakenly stored files on an unsecured server.
Billing vendor PracMan recently began notifying several clients' patients that their personal and medical information may have been exposed when an IT subcontractor mistakenly copied and stored files on an unsecured server (h/t PHIprivacy.net).
The breach, which was discovered on January 10, 2014, took place in August of 2013.
The file in question contained patients' protected health information (PHI), including names, patient account numbers, addresses, phone numbers, birthdates, dates of service and insurance policy numbers. In some cases, medical information was also exposed, and in 69 cases, Social Security numbers were exposed.
The Decatur Daily reports that a total of 3,100 patients at 25 to 30 clinics and doctors' offices are affected, including patients of Punuru J. M. Reddy, M.D., and Monarch Women's Health.
PracMan is offering one free year of credit monitoring services to all patients who birthdates and Social Security numbers were exposed.
"We go to great lengths to maintain the security of patient data, and we take that responsibility very seriously," PracMan President Julian Price III said in a statement. "We have worked with our subcontractor not only to remove the data in question, but to understand fully how the breach occurred and to ensure this does not happen again."
Patients with questions are advised to contact (844) 202-5907.
Photo courtesy of Shutterstock.