A privacy breach at a practice site of Oaks, Pa.-based Axia Women's Health, formerly Women's Health Care Group of PA, affected 300,000 patients, according to the HHS Office for Civil Rights breach portal.
Axia discovered a virus on a server and workstation at one of its practice locations May 16. Upon discovering the virus, which blocked access to system files, the organization removed the infected equipment from its network.
The organization launched an investigation into the incident and learned that, due to a security vulnerability, external hackers had access to its systems since January. Axia officials believe the virus infected the server and workstation through this vulnerability.
Officials have not determined if any patient information was acquired or viewed due to the breach incident, which might have included patient names, Social Security numbers and insurance information, among other data. No financial information was compromised, according to Axia officials.
Axia was able to restore the encrypted files from a back-up server and the incident had no effect on Axia's ability to provide patient care.
Axia is notifying affected individuals about the incident via letter and is conducting a comprehensive internal review of its information security practices to prevent similar events from occurring.
Becker's has reached out to Axia Women's Health. This story will be updated as more information becomes available.
More articles on health IT:
Wisconsin employer to install voluntary microchips in employees' hands