The imaging group learned of the incident in December and launched an investigation, which found that its medical records vendor’s IT infrastructure had security vulnerabilities that allowed unauthorized individuals to access the patient information between July 2019 and December 2020.
Patient information accessed included names, dates of births, study dates and types of imaging procedures performed, according to a Feb. 15 news release.
Sutter Buttes said it closed certain firewall ports to prevent future unauthorized access and began working with third-party IT consultants to increase its security controls.
More articles on cybersecurity:
Wyoming health system accidentally emails personal health info of 900 patients
HIPAA Right of Access cases surpass $1M –16 providers that have paid settlements
30 popular mobile health apps vulnerable to cyberattacks, PHI exposur