A prosthetic and orthoic company with locations in Missouri and Illinois has reported a data breach after a hacker gained access to electronic patient medical records.
Prosthetic & Orthoic Care learned of the breach July 10. An FBI investigation revealed the hackers exploited a previously unknown flaw in software purchased by the company to access the records, which included names, contact information, patient ID numbers, diagnostic codes, appointment dates and billing amounts, according to a statement from the company. Additionally, some records included Social Security numbers, birth dates, medical insurance company, identification information and photos of procedures.
P&O Care did not immediately return Becker's Hospital Review's request for further comment on what software vendor had the flaw or how many records were affected.
"P&O Care deeply regrets that this incident occurred and understands the importance of personal information security," Jim Weber, CEO of P&O, said in the statement. "We are working diligently to notify our patients of this risk, and in light of this attack, we are also working with a nationally recognized security firm to further enhance our security and guard our patients' information."
More articles on data breaches:
Possible data breach at St. Peter's Health Partners after man given records of other patients
FTC says LabMD liable for lax data security in 2013 breach, overturns judge's dismissal of case
$15M in HIPAA settlements paid in first seven months of 2016