Patient Data of Milestone Family Medicine potentially breached after EHR Hack

Milestone Family Medicine, previously with the Bon Secours St. Francis Health System, started notifying patients recently that an unauthorized individual has possibly breached their data. Milestone Family Medicine was based in Greenville of South Carolina. The security breach might have led to some of the patients PHI (Protected Health Information)being viewed/obtained by the unauthorized individuals, who have gained access to Milestone systems in Greenville, South Carolina.

Milestone Family Medicine remained affiliated with SFPS (St. Francis Physicians Services) till February 24, 2019. On January 4, 2019, the officials discovered that a hacker has gained access to few Milestone systems. So, steps were taken for securing the systems. An investigation was also launched by the officials with help from the third-party forensics team.

It was determined by SFPS that one of the accessed servers included the Protected Health Information of certain patients. It seems that the EHR systems accessible on the Internet were targeted in this attack. The internet connections that are providing access to systems of Milestone, but are not actively getting used in order to support patient care were shut down to avoid a repeat attack.

The information types that have been possibly compromised include names, dates of birth, addresses, Social Security numbers, health insurance information, as well as information related to medical services that has been provided to patients.

This breach was only limited to the patients who had earlier received medical services in Milestone Family Medicine. Affected individuals were now being sent breach notification letters, and moreover SFPS has been offered complimentary identity theft protection and credit monitoring services.

Although there was possibility of data theft, no reports were received that indicates any patients' Protected Health Information has been misused. The affected patients were advised to monitor carefully their accounts for indicators of any kind of fraudulent activity.

SFPS has further said that technology management along with information security risk oversight were enhanced in order to prevent any more breaches of Protected Health Information, and the decision of ending affiliation with the Milestone Family Medicine has nothing to do with this breach.

The website of Department of Health and Human Services' Office for Civil Rights indicates that 32,178 patients of Milestone Family Medicine were affected by this breach.

» SPAMfighter News - 3/25/2019