Sports Medicine Provider Breach Affects 7,000 Patients

Dec 5, 2017

Sports Medicine & Rehabilitation Therapy (SMART) has contacted 7,000 patients to advise them of a breach of their protected health information. The breach has affected all patients whose information was captured while attending a SMART center before December 31, 2016.

The breach, which occurred at the Massachusetts-based firm during September 2017, was an extortion attempt. Hackers are believed to have obtained access to SMART systems, taken data, and demanded a ransom payment to stop the information from being released on the Internet.

No indication was given in the breach notification correspondence to suggest the ransom had been paid, although SMART has advised its patients that there is “no reason to believe that the data has been or will be used for further nefarious purposes.”

The matter has been looked into by the FBI and Homeland Security, although the details of the review have not been released. SMART made efforts to obtain a copy of the official police report through the Freedom of Information Act, although at the time the correspondence was sent, no copy had been received.

The information that may have been stolen by the hackers did not include financial data or Social Security details, but insurance numbers and diagnostic codes were included in the stolen data set.

The North Carolina Department of Health and Human Services has identified that a spreadsheet containing the protected health information of almost 6,000 people was mistakenly sent to a vendor in an unencrypted email. The breach was found on September 27, 2017.

The vendor was contacted and told to securely remove the spreadsheet attached to the email. NC DHHS has stated that the spreadsheet has been securely removed, although affected people have been informed that the email could possibly have been intercepted in transit by unauthorized people. The danger of interception of the email or the misuse of any data in the spreadsheet is believed to be low.

The spreadsheet included information such as names, test details, and Social Security numbers of people who had undergone routine drug screening tests. The tests were carried out on individuals who had applied to NC DHHS for a job or for intern and volunteer opportunities.

NC DHHS is completing a review of policies and processes to ensure similar incidents are avoided in the future.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
