September 29, 2022

197K patients impacted by data breach at Physician’s Business Office

Physician’s Business Office (PBO) notified 196,573 patients that their personal information and protected health data were stolen.

Based in West Virginia, PBO provides medical practice management and administrative services to healthcare providers.

PBO disclosed unusual activity in its network environment in April and took steps to secure its IT systems. An outside digital forensics and incident response firm was brought on to assist and found that data stored on the network was accessed “and potentially acquired without authorization” during the data security incident.

Under the Health Insurance Portability and Accountability Act, covered entities and business associates are required to report any breaches of PHI affecting over 500 patients within 60 days of discovery.

The stolen data could include:

  • Full names,
  • Social Security numbers,
  • Dates of birth,
  • Driver’s licenses,
  • Treatments,
  • Diagnoses,
  • Contact details,
  • Disability codes,
  • Prescription information and health insurance account details.

Patients will receive free credit monitoring and identity theft protection services.

At the same time, an Elasticsearch server belonging to a healthcare software provider in India is currently exposing the Covid antigen test results of Indians and foreign nationals who traveled to or from India in the last couple of years.