Advanced Spine & Pain Center HIPAA Breach Affect 8,362 Patients

by | Oct 29, 2017

The San Antonio, TX, Advanced Spine & Pain Center (ASPC) has advised clients of a possible breach that could have affected as many as 8,362 patients.

ASPC became aware of a potential violation of ePHI on July 31, 2017 when some clients reported receiving a telephone call advising payment for an outstanding bill must be made. An investigation was initiated to determine whether ASPC systems had been breached.

That review showed unauthorized people had gained access to an ASPC server. Unauthorized access happened even though extensive security measures had been implemented, including firewalls, network filtering, security monitoring, password protection, and antivirus software.

While unauthorized access was established as having occurred, it was unclear whether any sensitive data was accessed by those attackers. It was also not possible to definitively determine whether the telephone calls received by some patients were due to the security breach.

Since the patients’ ePHI may have been viewed or obtained by unauthorized people, ASPC has offered all affected patients identity theft protection services and coverage with a $1,000,000 insurance reimbursement policy. A full network review has been completed and action has been taken to ensure the network is safe and secured. Recent monitoring of the network has not found any proof of ongoing unauthorized access and the breach is thought to have been controlled.

An analysis of the compromised server has identified that the following PHI may have been obtained: Names, addresses, telephone numbers, state and zip codes, Social Security details, birth dates, medical histories, x-ray images and lab test results, scheduling notes, billing information, insurance information, CPT codes, ID numbers, group numbers, and patients’ gender. No payment information or credit/debit cards were obtained.

The hacking incident has been made known to law enforcement agencies and the Department of Health and Human Services’ Office for Civil Rights has been provided with an official report as well..

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy