Minnesota healthcare provider hit by cyber-attack.
A US physical therapy center has announced that the personal data of more than 6,500 patients has been breached in a security incident.
Viverant PT, based in Minneapolis, Minnesota, said that the personally identifiable information (PII) of current and former patients and employees was affected in the breach.
A wealth of healthcare information is reported to have been leaked, including patient names, addresses, dates of birth, Social Security numbers, driver’s license numbers, and medical record numbers.
Other potentially accessed data includes diagnostic or treatment information, payment card numbers with passwords or security codes, health insurance information, financial account numbers with or without passwords or routing numbers, and digital signatures.
Suspicious emails
In a statement, the center said that it became aware of an issue in March 2021 after “suspicious emails” were sent from an employee’s account.
“Once aware of the incident, we immediately investigated the matter and took measures to address and contain the incident, including changing passwords, enacting stricter authentication requirements, conducting employee trainings, and retaining national privacy and security experts,” the center wrote.
The center said that there is “no indication that any information was individually accessed or misused in any way”.
Although the data breach was discovered in March 2021, the incident has only just appeared on the US Department of Health and Human Services’ HIPAA breach portal.
Credit monitoring
Viverant is offering free credit monitoring services for anyone suspected to be affected and has urged potential victims to be “vigilant” in monitoring their financial accounts.
The incident has been reported to “relevant government agencies”, the healthcare provider confirmed.
