Credit card applications cause data breach for a physician practice

Carolina Oncology Specialists, a 12-clinician practice in Hickory, N.C., is alerting patients about a potential incident in which personal information apparently is being used for financial fraud.

The organization recently received several credit card applications addressed to three patients, but using the practice’s mailing address. Each patient was notified by the practice and received the credit card application that was sent to the practice, and local police were notified. The name of one patient was used to open a false credit card account.

The concern of the practice for its patients is that false credit card accounts could be opened by whoever sent the credit card applications, according to a notification letter to patients. But while only three patients are known to be affected, Carolina Oncology Specialists is notifying a total of 1,551 patients who also could be at risk.

Carolina Oncology Specialists-CROP.jpg

Also See: How quick breach recovery hurt one provider

“We share this information not to alarm you but to raise awareness,” the notification letter informs patients. “We have asked our electronic medical record vendor to conduct an analysis of our EMR and they have done so and have assured us that there has not been any detectable breach or electronic tampering (hacking) of personal health information.”

The practice advised patients to check their credit activity and contact credit bureaus and police if a credit report includes false information. “Each of the three major credit bureaus allow a free credit report check once a year. Checking a credit report is a smart way to identify accounts that are fraudulent.”

The data breach is posted on the HHS Office for Civil Rights’ database of breaches affecting more than 500 individuals. Senior leaders at Carolina Oncology Specialists declined to provide additional details about the incident.

For reprint and licensing requests for this article, click here.