In a statement on the company’s website, InterMed said it discovered in September that an unauthorized third party had gained access to four employee email accounts. Upon investigation, InterMed could not determine what messages or attachments were viewed.
Patient data that may have been exposed included names, dates of birth, health insurance information and clinical information. A limited number of Social Security numbers may have also been exposed. The unauthorized third party did not again access to InterMed’s EHR.
“We deeply regret any concern this may cause. The health and safety of our patients — including the safety of patient data — is our top priority. To help prevent something like this from happening again, we are enhancing our adherence to email best practices,” InterMed said in a Nov. 4 statement.
More articles on cybersecurity:
DeepThink Health, VScript left thousands of patients’ info exposed online
Hackers try to divert payments to telemedicine company into fraudulent bank accounts
Texas lab alerts 16,000 patients of data breach
