Dive Brief:
- Hackers have gained access to the PHI of about 4,200 individuals after breaking into an Ohio-based medical supply company server. The breach took place in March 2013, but the medical supply company didn't discover the problem until December.
- Edgepark Medical Supplies of Twinsburg, Ohio reported this month that hackers gained access to the server via Adobe software used to run the company website, and subsequently installed malware which captured user login data.
- For most of the persons involved, the attack allowed hackers to view individual names, dates of birth, medical diagnoses, order history, phone numbers and credit card information. For 126 of the 4,200 individuals impacted by the break-in, full credit card numbers and expiration dates were accessed.
Dive Insight:
This is just one of countless cautionary tales that remind us that a provider may do an excellent job of securing medical data, but the data is still vulnerable if the business associates haven't secured things adequately. With HIPAA penalties increasing and the general public becoming far more aware of the dangers of such breaches, it's more important than ever to see to it that PHI is secured. Apparently, Edgepark was behind the curve on this one, but it's not alone -- remember that it could easily be you whose vendor has to make amends.