Hackers hit dermatology practice through cloud vendor
A cyber attack that affected a cloud-hosting and service provider resulted in access to patient data of Surgical Dermatology Group in Alabama, a specialty practice that has offices in Birmingham, Montgomery and Huntsville.
Hackers were able to penetrate TekLinks, which provides cloud services to Surgical Dermatology; the cloud provider notified the practice of the about the intrusion in early June.
“TekLinks has assured us that all unauthorized access was terminated on May 1, 2017, and that monitoring by TekLinks from April 22 through May 1 showed no further malicious activity during that time period,” the practice told patients in a notification letter.
Information that was compromised included patient names, addresses, home and mobile telephone numbers, email addresses, Social Security numbers, medical record numbers, physician names, health plans, and charges and payments for services rendered.
Driver’s license numbers and financial information were not affected. Surgical Dermatology Group is offering affected individuals one year of credit monitoring and identity theft protection services.
The practice declined to provide additional details about the incident, including the number of affected individuals. If the information of more than 500 individuals was compromised, the practice will be reporting further details of the breach on the website of the HHS Office for Civil Rights.