PHI of 1,750 Patients of Austin Manual Therapy Exposed Due to Data Theft

Austin Manual Therapy (AMT) notified 1,750 of its patients of a potential breach of their protected health information. Allegedly, a criminal attacker accessed AMT’s computer system and may have stolen their PHI. A leading national cybersecurity team conducted a forensic investigation of the incident and found out that the attacker first gained access on October 3, 2017. Access continued until October 9, when AMT discovered the breach and blocked the attacker’s access.

AMT posted a breach notice on its website and stated that the attacker did not gain access to the company’s electronic medical record system. The attacker only gained limited access to the AMT network – just one computer and a shared file system. The forensic investigators confirmed that the attacker accessed some files, but they cannot confirm how much information was viewed or stolen. The information that was potentially viewed or accessed included names, dates of birth, addresses, dates of service, occupations, phone numbers, charge amounts, insurance coverage and policy details, diagnoses, health screening information, referring physician information, driver’s license information and Social Security numbers. The patients whose PHI have been compromised were advised to get free credit reports, set up a fraud alert and security freeze their accounts. There appeared to be no offers of free credit monitoring or identity theft protection services from AMT.

The investigation regarding the breach is mostly completed, but the forensic investigators will continue it until the end of the year. AMT also implemented additional security measures to block similar attacks. The TMD breach report did not detail the exact nature of the attack. But according to Databreaches.net, the AMT incident was an extortion attempt by TheDarkOverlord hacking group.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA