The exposed data includes patient names, Social Security numbers, birthdates, phone numbers and home addresses. No treatment or financial information was exposed, according to Advantage.
Advantage compliance manager Jeff Dover told The Bulletin that the hackers leveraged malware to obtain an Advantage employee’s user name and password for the company’s membership database, which is separate from the company’s database for financial and treatment information.
“Unfortunately this happened,” Dover said. “What you can do is be as transparent as you can, take responsibility for it, learn from it and then move on.”
All those affected are being offered two years of free access to Experian’s ProtectMyID Elite service.
The hacker had access to the database from February 23 to February 26, 2015, when the company’s IT team detected the breach. “In other situations, hackers are running around in these databases for months on end,” Dover noted.
In response to the breach, Advantage is no longer allowing access to its internal patient database from computers that aren’t physically located within its clinics or its headquarters.
Breaches like these can have a significant impact on a medical practice — according to a recent Software Advice survey, 54 percent of patients surveyed said they would be “moderately likely” or “very likely” to change doctors following a data breach.
Still, 37 percent said they would stick with their doctors after a breach if their doctor provided specific examples of how the practice’s security policies and procedures had improved following the indicent.
The survey also found that 45 percent of patients are “moderately concerned” or “very concerned” about a security breach involving their personal health information, and 21 percent say they withhold personal health information from their doctors due to data security concerns.