Vendor breach exposes 87,000 Southeast Eye Institute patients' data

Southeast Eye Institute, which does business as Eye Associates of Pinellas, is notifying patients their protected health information may be compromised after a third-party vendor suffered a data breach.

The provider, based in Pinellas Park, Fla., said off-site vendor Bizmatics notified Southeast Eye Institute of the breach March 30, saying "at least some" information in patient files was accessed by unauthorized individuals.

According to Southeast Eye Institute's notification letter, Bizmatics is unable to identify which patient files were accessed. Bizmatics reportedly told Southeast Eye Institute that it keeps sensitive information in separate files in efforts to enhance security: For example, names are kept separately from addresses, according to the letter.

However, potentially compromised information includes names, addresses, phone numbers, Social Security numbers, birth dates and insurance information. Bizmatics did not store any medical information or credit card information, according to the notification letter.

According to HHS' Office for Civil Rights breach notification portal, the breach affects more than 87,000 individuals.

Bizmatics said the breach appears to have occurred in January 2015. The vendor has notified the FBI and is working to strengthen its cybersecurity defenses, according to the notification letter. Southeast Eye Institute is no longer using Bizmatics' practice management software.

More articles on data breaches:

Managing insider cybersecurity risk: 5 key findings 
Unhealthy rise in healthcare privacy breaches: 5 tips to stay ahead of patient privacy threats 
Vendor misconfiguration breaches Children's National Health System patient data 

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months