Medical Colleagues of Texas, a doctors’ alliance based in Katy, TX, has discovered that an unauthorized individual gained access to its system, compromising the files of over 68,000 patients. The specific details of the incident have not been disclosed, and an investigation into the security breach is ongoing. At the time of issuing the breach notification, the doctors’ alliance was unaware of how access was obtained to its systems. However, the investigation has determined that personnel records and patient medical files may have been accessed. The data stored on the compromised system includes patients’ names, Social Security numbers, addresses, and health insurance information.
The breach was first detected on March 8, 2016, when an employee observed unusual activity on the computer system of the obstetrics group. This activity was attributed to an unauthorized individual who had gained remote access to the system. A computer forensics company was engaged to investigate the security breach. Lindsay Nickle, an attorney for the Medical Colleagues of Texas, reported that the system has since been secured and cleaned, and external access has been blocked.
The incident has been reported to law enforcement, which is participating in the investigation. The breach was also reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) on May 11, 2016. The OCR report indicates that 68,631 patients were affected by the security breach. All affected patients have been notified by mail and have been offered free credit monitoring services through Experian.
In response to the breach, Medical Colleagues of Texas has upgraded its firewall and implemented two-factor authentication for remote access to its systems. Additionally, modifications have been made to the computer system to enhance policies, security, and procedures. Employees have also received additional HIPAA training on data security.