Anesthesia, Eye Care, and Telehealth Providers Announce Third-Party Data Breaches
Several more providers of anesthesia services have confirmed they have been affected by a data breach at their management services organization (MSO). Last month, HIPAA Journal reported that 13 providers of anesthesia services to hospitals had been affected by the breach. At least nine more healthcare providers are now known to have been affected, bringing the total to at least 22. The latest announcements bring the breach total up to 433,826 records.
- Somnia Pain Mgt of Kentucky – 10,849 individuals
- Primary Anesthesia Services – 9,517 individuals
- Saddlebrook Anesthesia Services PC – 8,861 individuals
- Resource Anesthesiology Associates Of KY PSC – 8,980 individuals
- Resource Anesthesiology Associates of NM Inc – 7,054 individuals
- Resource Anesthesiology Associates of VA LLC – 3,305 individuals
- Resource Anesthesiology Associates of CT PC – 3,123 individuals
- Somnia, Inc. – 1,326 individuals
- Mid-Westchester Anesthesia Services – 707 individuals
The breach was detected by the MSO on July 11, 2022, with the forensic investigation determining information stored on its systems had been compromised. The affected companies were notified about the breach on September 22, 2022.
The breach involved names, Social Security numbers, dates of birth, driver’s license numbers, financial account information, health insurance policy numbers, medical record numbers, Medicaid/Medicare IDs, and health information, including diagnosis and treatment information.
Massengale Eye Care Affected by Eye Care Leaders’ Data Breach
Massengale Eye Care in Moore, OK, has recently announced that the protected health information of up to 15,000 patients has been compromised in a data breach at its EHR vendor, Eye Care Leaders. Massengale Eye Care said it has used the myCare Integrity electronic health records platform since 2017. On or around December 4, 2021, unauthorized individuals gained access to the platform and potentially obtained patient information.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Eye Care Leaders said it is unaware of any misuse of patient data, and no specific evidence was found to indicate the records of Massengale Eye Care patients were viewed or obtained. Since unauthorized access to protected health information could not be ruled out, notifications have been sent to affected individuals. The information potentially accessed includes names, addresses, dates of birth, Social Security numbers, diagnostic information, and health insurance information. Massengale Eye Care confirmed that the breach was confined to the Eye Care Leaders platform.
41 eye care providers are now known to have been affected and the records of at least 3,649,470 patients have been exposed.
Telehealth Vendor Announces 3-Year Data Breach
Miramar, FL-based telehealth provider, MDLIVE Medical Group, has recently announced that the protected health information of 7,439 individuals has been impermissibly disclosed as a result of a third-party analytics tool on its website. MDLIVE Medical Group did not confirm which analytics tool was involved, but similar breaches have been reported by other healthcare providers recently that involved the Meta Pixel tool, which is used for a similar purpose.
MDLIVE Medical Group said the tool was used to better understand how patients interacted on its website and patient portal, in order to make improvements to the portal to improve the quality of care provided to patients. The tool was first added to the website in June 2019 but was accidentally configured to monitor activity on the patient login page of its portal. The tool was removed in August 2022. The data disclosed to the provider of the tool included usernames, passwords, and dates of birth only. There is no indication that the information has been viewed or misused.