Cape Girardeau, Mo.-based SoutheastHealth may have had some of its patients' protected health information compromised due to it being caught up in the Fortra data breach, which has affected multiple health systems, KFVS12 reported June 21.
In January, hackers infiltrated billing company IntelliHARTx, or iTx, and its file transfer provider, Fortra. ITX Healthcare said it works with the health system and sent letters to some of its patients stating that their Social Security numbers and medical records may be at risk.
SoutheastHealth told the publication that it "learned of this potential security issue from a patient who informed us of receiving a letter from billing vendor ITX," and that the breach did not occur within its IT infrastructure.
"SoutheastHealth has no current business relationship with this vendor," the health system said.
"In a follow-up with ITX, the vendor could not confirm having sent any formal notification of this potential breach to SoutheastHealth. Doing so is a requirement based on the HIPAA Breach Notification Rule," the hospital told the publication.
The health system recommends any patients who receive a data breach letter from the vendor follow its instructions.
The hack on Fortra, which Russian ransomware gang Clop has claimed credit for, has also affected nearly 1 million patients at Franklin, Tenn.-based Community Health Systems, more than 25,000 at Pittsburgh-based UPMC, an unknown number of patients at University of Toledo (Ohio) Medical Center, and 203,000 patients at Springfield, Mo.-based CoxHealth.