Bay Area Children's Association, a mental health agency based in San Jose, Calif., is notifying patients that unauthorized persons acquired some patients' medical records.
According to the notification letter, the cyber attackers may have installed malware on BACA's EMR provider's system in January 2015. The attackers likely stole credentials and accessed the vendor's systems. The notification letter does not identify the vendor.
BACA said they cannot confirm which records were compromised, so the agency is notifying all patients whose records are on the affected system.
Compromised information includes names, addresses, telephone numbers, birth dates, Social Security numbers and medical insurance. Some health visit information may also be compromised.
Currently, BACA reports no evidence of fraudulent use.
"We have been assured that our electronic record provider has thoroughly investigated the matter and has done everything it can to hardened [sic] its firewall and network configurations," according to the letter.
More articles on data breaches:
Gmail, Hotmail, Yahoo email users may be part of 272M breached data theft
Kaiser health plan reports breach affecting 2,400 members due to stolen mail truck
Couple pleads guilty to IRS breach affecting 700,000+ taxpayers