Vincent Vein Center in Junction, Colorado is notifying its patients and the U.S. Department of Health and Human Services (HHS) of a breach of confidential health information. The center uses Bizmatics’ EHR, a company that provides ambulatory software and electronic health records to 15,000 healthcare providers. Bizmatics recently learned that unauthorized hackers accessed its servers in 2015. Potentially compromised information includes addresses, names, health insurance and some social security numbers. Fortunately, no credit card or financial information was kept in the breached files.
Bizmatics sent a letter to Vincent Vein Center which stated cyber intruders may have installed malware in their system around January 2015. The malware was not discovered until late 2015 and they have no evidence that client records were seen or obtained by the unauthorized hackers. Bizmatics also mentioned in the letter that they are involved with CrowdStrike, a cybersecurity firm, to investigate the instance. Other healthcare companies affected by the attack on Bizmatics include Pain Treatment Centers of America and Southeast Eye Institute. According to research about incidents filed to the HHS, at least six healthcare providers are believed to have been affected by the Bizmatics data server hack.