Sports Medicine Provider Breach Affects 7,000 Patients

Dec 5, 2017

Sports Medicine & Rehabilitation Therapy (SMART) has contacted 7,000 patients to advise them of a breach of their protected health information. The breach has affected all patients whose information was captured while attending a SMART center prior to December 31, 2016.

The breach, which occurred at the Massachusetts-based firm during September 2017, was an extortion attempt. Hackers are believed to have obtained access to SMART systems, taken data, and demanded a ransom payment to stop the information from being released on the Internet.

No indication was given in the breach notification correspondence to suggest the ransom had been paid, although SMART has advised its patients that there is “no reason to believe that the data has been or will be used for further nefarious purposes.”

The matter has been investigated by the FBI and Homeland Security, although the details of the review have not been released. SMART attempted to obtain a copy of the official police report through the Freedom of Information Act, although at the time the correspondence was sent, no copy had been received.

The information that may have been stolen by the hackers did not include financial data or Social Security details, but insurance numbers and diagnostic codes were included in the stolen data set.

The North Carolina Department of Health and Human Services has identified that a spreadsheet containing the protected health information of almost 6,000 people was mistakenly sent to a vendor in an unencrypted email. The breach was found on September 27, 2017.

The vendor was contacted and told to securely remove the spreadsheet attached to the email. NC DHHS has stated that the spreadsheet has been securely removed, although affected people have been informed that the email could possibly have been intercepted in transit by unauthorized people. The danger of interception of the email or misuse of any data in the spreadsheet is believed to be low.

The spreadsheet included information such as names, test details, and Social Security numbers of people who had undergone routine drug screening tests. The tests were carried out on individuals who had applied to NC DHHS for a job or for intern and volunteer opportunities.

NC DHHS is completing a review of policies and processes to ensure similar incidents are avoided in the future.


Ryan Coyne
