Breach of Payment Information Impacts 48,000 Patients of Frisco Medical Center

by | Dec 20, 2018

Almost 48,000 patients and guarantors may had their the payment information compromised Baylor Scott & White Medical Center in Frisco in a privacy breach which was noticed recently.

The medical center, which is jointly operated by United Surgical Partners International (USPI) and Baylor Scott & White Health, noticed an issue with the credit card processing system of one of its suppliers. A subsequent review showed there had been a week-long unpermitted cyber intrusion between September 22 and September 29. Following this discovery the medical center contacted the vendor and paused all credit card processing through the vendor’s databases.

Baylor Scott & White Health did not find any proof to suggest any patient/guarantor information had been further disclosed or misused; however, as a safety measure, all individuals impacted by the incident have been given one year of complimentary credit monitoring services through TransUnion Interactive.

The security breach was restricted to the third-party vendor’s system. Hospital data and clinical systems remained protected at all times. No health details or Social Security numbers were breached. Only the Frisco medical center was impacted by the privacy breach.

The data that was exposed and possibly accessed by an unauthorized person was restricted to: Names, addresses, dates of service, medical record numbers, health insurance provider details, account numbers, the final four digits of credit card numbers, CCV numbers, type of credit card used for payment, recurring payment dates, account balances, invoice numbers and transaction statuses.

All people impacted by the privacy breach have been contacted by mail. The data security incident was made known to the Department of Health and Human Services’ Office for Civil Rights (OCR)  on November 26, 2018. The OCR breach portal states 47,948 people have been impacted by the breach.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy