Arkansas Methodist Medical Center in Paragould notified patients Oct. 29 that its third-party lockbox service experienced an IT security breach that potentially exposed their protected health and banking information.
Five details:
1. The center has a lockbox service for collecting and processing patient payments with Iberia Bank, which uses Technology Management Resources as a third-party lockbox service provider to process the payments and capture payment data for items received in the lockbox.
2. Technology Management Resources discovered July 30 that one of its employee's user accounts was compromised and that someone may have viewed images of checks and related images containing protected health information of the medical center's patients.
3. Technology Management Resources alerted the center of the incident Aug. 24.
4. The breach activity occurred between Aug. 5, 2018, and May 31, 2020, with the bulk of activity occurring between February and May 2020.
5. Patient information exposed as a result of the incident includes names, addresses, checking account number and routing numbers.