Fast Track Urgent Care, an urgent healthcare clinic network in Florida, has announced that the protected health information (PHI) of 258,411 persons was exposed and possibly stolen due to a ransomware attack on PracticeMax, a billing and practice management vendor.
PracticeMax stated it discovered suspicious activity inside its system on May 1, 2021, and affirmed the installation of ransomware on its system. The billing vendor could retrieve the information on its network on May 6, 2021. The investigation into the incident confirmed the compromise of its systems from April 17 to May 5, 2021. A server employed by PracticeMax and a number of email accounts had been impacted and information on its systems had been encrypted.
The breach impacted a number of its healthcare clients, such as Humana and Anthem Inc. The two medical insurance companies affirmed that they were impacted at the end of February 2022. PracticeMax publicly reported the incident in the fall of 2021. According to Fast Track Urgent Care, it was initially informed by PracticeMax about the ransomware attack on May 10, 2021. However, at that period of the investigation, it was uncertain if the PHI of its patients was accessed or stolen during the attack.
On February 14, 2022, Fast Track Urgent Care mentioned that PracticeMax initially sent a notification that patient information might have been affected. However, PracticeMax cannot confirm if the customer and patient information was viewed or stolen and that the investigation was in progress. Fast Track Urgent Care stated that PracticeMax only confirmed the access of Fast Track Urgent Care patient information on June 6, 2022, which is 13 months after the preliminary breach.
Fast Track Urgent Care mentioned that the following types of data were affected: names, passport numbers, Social Security numbers, treatment and diagnosis details, driver’s license numbers, dates of birth, medical insurance data, and financial details. PracticeMax has provided the victims with free memberships to identity theft protection and credit monitoring services. PracticeMax sent notification letters to impacted persons on behalf of Fast Track Urgent Care.
Fast Track Urgent Care stated that PracticeMax took a number of steps to take care of the security incident and has assessed guidelines and procedures and enforced extra safety measures to better protect the data on its systems.