Third-Party Data Breaches Impact Anesthesia, Eye Care, and Telehealth Providers

A number of anesthesia service providers have reported that they were impacted by a data breach encountered by their management services organization (MSO). In October, 13 anesthesia services providers to hospitals were impacted by the breach. About five more healthcare companies are currently identified to have been impacted. The most recent reports increased the breach total to 410,842 records.

  • Mid-Westchester Anesthesia Services – 707 records
  • Somnia, Inc. – 1,326 records
  • Saddlebrook Anesthesia Services PC – 8,861 records
  • Resource Anesthesiology Associates of KY PSC – 8,995 records
  • Somnia Pain Mgt of Kentucky – 10,849 records

MSO detected the breach on July 11, 2022 and the forensic investigation confirmed the compromise of information saved on its systems. MSO sent notifications to the impacted companies concerning the data breach on September 22, 2022.

The breach affected names, birth dates, financial account data, Social Security numbers, driver’s license numbers, medical insurance policy numbers, Medicaid/Medicare IDs, medical record numbers, and health data, such as diagnosis and treatment data.

Eye Care Leaders’ Data Breach Impacts Massengale Eye Care

Massengale Eye Care based in Moore, OK, has just reported that the protected health information (PHI) of approximately 15,000 individuals was compromised because of a data breach that occurred at Eye Care Leaders, its EHR vendor. Massengale Eye Care stated that it has been using the myCare Integrity electronic health records platform starting 2017. About December 4, 2021, unauthorized individuals acquired access to this platform and possibly got patient data.

Eye Care Leaders stated it did not get any report of patient data misuse. There is also no particular evidence that indicates the access or theft of Massengale Eye Care patient records. Considering that unauthorized access to PHI cannot be excluded, notifications were mailed to impacted persons. The data possibly viewed includes names, birth dates, addresses, Social Security numbers, diagnostic data, and medical insurance details. Massengale Eye Care stated that the breach was limited to the Eye Care Leaders system.

Of the 41 eye care providers that were impacted by the data breach, at least 3,649,470 patient records were exposed.

3-Year Data Breach Reported by Telehealth Vendor

Telehealth provider MDLIVE Medical Group based in Miramar, FL recently reported the impermissible disclosure of the PHI of 7,439 persons due to a third-party analytics program on its site. MDLIVE Medical Group didn’t state which analytics program was referred to, however, other healthcare companies reported the same breaches lately involving the Meta Pixel application that is utilized for the same purpose.

MDLIVE Medical Group stated the program was utilized for a better understanding of the patient’s interaction on its web page and patient portal. This is for improving the portal and the excellence of care given to patients. The application was initially added to the site in June 2019 yet was mistakenly set up to track the activity on the patient portal sign-in page. The tool was taken out in August 2022. The data shared with the provider of the program contained usernames, passwords, and birth dates only. There is no report received that indicates the access or misuse of any information.

About Christine Garcia 1312 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA