Data of nearly 900,000 at risk in latest cyber attack

Valley Anesthesiology and Pain Consultants, a large practice with more than 300 providers serving multiple hospitals across the greater Phoenix region, has suffered a cyber attack affecting 882,590 patients.

The incident also affects all current and former employees and providers, the number of which was not disclosed.

Data Breach Chart

In a statement, the organization said it learned of the attack on June 13, 2016; further investigation found that the attack started on March 30. Forensics has found no evidence that data was actually accessed, but it cannot rule out the possibility that data was taken.

The list of protected health information at risk is extensive. For patients, it includes names, providers’ names, dates of service and places of treatment, health insurers and insurance identify numbers, diagnoses and treatment, and an undisclosed number of Social Security numbers.

Provider data possibly compromised includes names, dates of birth, Social Security numbers, licensure numbers, Drug Enforcement Agency numbers, national provider identifiers and bank account information.

Employee information at risk includes names, dates of birth, addresses, Social Security numbers, bank account information and tax information.

A spokesperson responding to written questions noted that the organization is offering one year of credit monitoring and identity protection services from Experian to an undisclosed number of individuals with compromised Social Security or Medicare numbers. The organization is enhancing its IT security, including hardening network firewalls and incorporating best security practices.

For reprint and licensing requests for this article, click here.