A breach on a server managed by cloud hosting and server management provider TekLinks, may have allowed hackers to potentially access and exfiltrate the personal health information of patients from Alabama-based Surgical Dermatology Group.
TekLinks discovered unauthorized access around May 1, 2017, but access was first gained on March 23. Officials said it blocked server access after the initial discovery, but hackers could have viewed or copied data beforehand.
Surgical Dermatology hired a forensic investigation team to determine the scope of the breach. Officials said the compromised server contained patient ID numbers, names, Social Security numbers, health plan information and physician names.
[Join Your Peers at HIMSS’ Healthcare Security Forum! Register Today]
Financial information and credit card information weren’t stored on the affected server, officials said.
Surgical Dermatology’s investigation team has secured the server, and officials said policies have been revised to improve security for the organization.
All patients were notified and offered a year of free credit monitoring and identity theft protection services. Officials said the organizations also reported the breach to appropriate authorities, including the FBI.
The number of breached records was not included in the notification, and the data is not yet included on the U.S. Department of Health and Human Services’ Office of Civil Rights breach reporting tool.
Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com
