PHI Exposed Due to Breaches at Practice Resources and Valley Baptist Medical Center

Practice Resources based in Syracuse, NY provides billing and other professional services. It encountered a data breach that affected the data of 942,138 persons.

The breach notification provided to the California Attorney General indicated that Practice Resources suffered a ransomware attack last April 12, 2022. Third-party digital forensics specialists helped Practice Resources to confirm the unauthorized access to areas of its network that contain the protected health information (PHI) of its clients. The attackers likewise may have gained access to that data before file encryption.

An analysis of the files possibly impacted by the attack revealed that they held data including names, addresses, health plan numbers, medical record numbers, and dates of treatment. Practice Resources has provided the affected persons with free identity theft protection and credit monitoring service membership.

Practice Resources stated it has notified the affected people on behalf of the following 28 clients that the security breach impacted:

  • Achieve Physical Therapy, PC
  • Community Memorial Hospital, Inc
  • CNY Obstetrics and Gynecology, P.C.
  • Crouse Health Hospital, Inc
  • Crouse Medical Practice PLLC
  • Fitness Forum Physical Therapy, PC
  • Family Care Medical Group, PC
  • FLH Medical PC
  • Guidone Physical Therapy, PC
  • Greece Dermatological Associates, PC
  • Hamilton Orthopedic Surgery & Sports Medicine
  • Helendale Dermatological and Medical Spa, PLLC
  • Laboratory Alliance of Central New York, LLC
  • Liverpool Physical Therapy, PC
  • Kudos Medical, PLLC
  • Michael J Paciorek, MD PC
  • Nephrology Hypertension Associates of CNY, PC
  • Nephrology Associates of Watertown, PC
  • Orthopedics East, PC
  • Soldiers & Sailors Memorial Hospital-Physician Practices
  • Salvation Army
  • Joseph’s Medical
  • Surgical Care West, PLLC
  • Syracuse Gastroenterological Associates, PC
  • Syracuse Endoscopy Associates, LLC
  • Syracuse Pediatrics
  • Upstate Community Medical, PC
  • Tully Physical Therapy

Hacking at Valley Baptist Medical Center

Valley Baptist Medical Center based in Brownsville, TX recently began informing a number of patients about the exposure and potential theft of some of their PHI. On June 14, 2022, Valley Baptist confirmed the unauthorized access by a third party to a computer system. As per the forensic investigation results, the unauthorized access happened from March 31 to April 24, 2022.

Upon discovery of the breach, the healthcare provider suspended user systems access, implemented cybersecurity protocols, and took steps to stop more unauthorized access. It was confirmed by the forensic investigation that patient data was possibly impacted, including names, contact details, birth dates, medical insurance data, dates of service, medical record numbers, patient account numbers, prescription drugs, diagnosis details, names of provider and facility, and visit details. Valley Baptist stated its Brownsville and Harlingen medical centers’ patients were impacted.

The data breach is not yet posted on the HHS’ Office for Civil Rights breach website, thus it is presently uncertain how many persons were affected.

About Christine Garcia 1309 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA