A healthcare clinic based in Missouri has informed US regulators of a data breach incident affecting more than 90,000 individuals.
Mattax Neu Prater Eye Center announced the breach at the end of June, however the incident took place in December 2021.
According to HIPAA, 92,361 individuals were impacted by the breach.
Mattax Neu Prater, which provides surgical and non-surgical care, said that the “third -party data security incident” may have resulted in unauthorized access to the sensitive personal information of some patients.
Third-party leak
The incident concerns electronic medical records platform myCare Integrity, which is owned by the practice performance company Eye Care Leaders.
According to Eye Care Leaders, on or around December 4, 2021, an unauthorized party accessed myCare Integrity data and deleted databases and system configuration files.
After discovering the suspicious activity, Eye Care Leaders said its incident response team immediately stopped the unauthorized access and began investigating.
“Notably, there was no evidence that this incident involved unauthorized access to any of Mattax Neu Prater’s patient records,” a statement from the clinic reads.
“This incident has affected eye care practices across the country, and is not specific to Mattax Neu Prater.
“This data security incident occurred entirely within Eye Care Leaders’ network environment, and there were no other remedial actions available to Mattax Neu Prater.”
The center added: “However, a lack of available forensic evidence prevented Eye Care Leaders from ruling out the possibility that some protected health information and personally identifiable information may have been exposed to the bad actor.”
Mattax Neu Prater said it does not have any evidence of identity theft as a result of the incident, but has informed anyone who might be impacted via postal mail.
Source: https://portswigger.net/daily-swig/us-eye-clinic-suffers-data-breach-impacting-92-000-patients