Sports Medicine Provider Breach Affects 7,000 Patients

Sports Medicine & Rehabilitation Therapy (SMART) has made contact with 7,000 patients to advise them of a violation of their protected health information. The breach has have affected all patients whose information was captured while attending a SMART center before to December 31, 2016.

The breach, which occurred at the Massachusetts-based firm during September 2017, was an extortion attempt. Hackers are believed to have obtained access to SMART systems, taken data, and demanded a ransom payment to stop the information from being released on the Internet.

No indication was given in the breach notification correspondence to suggest the ransom had been paid, although SMART has advised its patients that there is “no reason to believe that the data has been or will be used for further nefarious purposes.”

The matter has been looked into by the FBI and Homeland Security although the details of the review have not been released. Efforts were made by SMART to obtain a copy of the official police report through the Freedom of Information Act, although at the time the correspondence was sent, no copy had been received.

The information that may have been stolen by the hackers did not include financial data or Social Security details, but insurance numbers and diagnostic codes were included in the stolen data set.

The North Carolina Department of Health and Human Services has identified a spreadsheet containing the protected health information of almost 6,000 people was sent to a vendor in an unencrypted email, mistakenly. The breach was found on September 27, 2017.

The vendor was contacted and told to securely remove the spreadsheet attached to the email. NC DHHS has stated that the spreadsheet has been securely removed, although affected people have been informed that possibly, the email could have been intercepted in transit by unauthorized people. The danger of interception of the email or the misuse of any data in the spreadsheet is believed to be low.

The spreadsheet included information such as names, test details, and Social Security numbers of people who had undergone routine drug screening tests. The tests were carried out on individuals who had applied to NC DHHS for a job or intern and volunteer opportunities.

NC DHHS is completing a review of policies and processes to ensure similar incidents are avoided in the future.