A McKesson subsidiary providing billing services suffered a breach that exposed more than 10,000 patients' information on Internet search engines.
PST Services unintentionally made patient records available that were accessible "using very specific Google search terms," according to notice posted on one of the affected provider's website.
The breach affected more than 10,000 patients at Alpharetta, Ga.-based 24 On Physicians, and 680 patients at Midwest Orthopaedic Center in Peoria, Ill., according to HHS' breach database.
Compromised information includes billing information, patient names, insurance information, diagnosis codes and some Social Security numbers.
McKesson issued the following comment to Becker's Hospital Review:
"We are aware of an incident that may have unintentionally made patient information accessible between Dec. 1, 2013 and April 17, 2014. McKesson immediately took action to protect the patient information, and the issue was resolved. Except for the patient that brought this to our attention, to the best of our knowledge, no other patient information was ever accessed."
More articles on data breaches:
Cook County hospital system reports data breach
Business associates: A greater security threat than hackers
Aventura Hospital and Medical Center reports breach affecting 82k patients