Almost 48,000 patients and guarantors may had their the payment information compromised Baylor Scott & White Medical Center in Frisco in a privacy breach which was noticed recently.
The medical center, which is jointly operated by United Surgical Partners International (USPI) and Baylor Scott & White Health, noticed an issue with the credit card processing system of one of its suppliers. A subsequent review showed there had been a week-long unpermitted cyber intrusion between September 22 and September 29. Following this discovery the medical center contacted the vendor and paused all credit card processing through the vendor’s databases.
Baylor Scott & White Health did not find any proof to suggest any patient/guarantor information had been further disclosed or misused; however, as a safety measure, all individuals impacted by the incident have been given one year of complimentary credit monitoring services through TransUnion Interactive.
The security breach was restricted to the third-party vendor’s system. Hospital data and clinical systems remained protected at all times. No health details or Social Security numbers were breached. Only the Frisco medical center was impacted by the privacy breach.
The data that was exposed and possibly accessed by an unauthorized person was restricted to: Names, addresses, dates of service, medical record numbers, health insurance provider details, account numbers, the final four digits of credit card numbers, CCV numbers, type of credit card used for payment, recurring payment dates, account balances, invoice numbers and transaction statuses.
All people impacted by the privacy breach have been contacted by mail. The data security incident was made known to the Department of Health and Human Services’ Office for Civil Rights (OCR) on November 26, 2018. The OCR breach portal states 47,948 people have been impacted by the breach.