The digital age has transformed how medical practices store and manage patient data. These technological advances come with vulnerabilities, as evidenced by the recent data breach at Pioneer Valley Ophthalmic Consultants (PVOC).
Below, our experienced data breach attorneys dive into the events surrounding this breach and what they mean for patients and the wider community.
What Happened?
Pioneer Valley Ophthalmic Consultants recently disclosed two incidents related to the breach of patient data.
These breaches, however, didn’t originate from PVOC’s internal systems. They stemmed from issues with a third-party vendor, Alta Medical Management, and ECL Group, LLC, collectively known as AMM. AMM had been providing billing and accounting services to PVOC’s patients.
On March 3, 2022, PVOC discovered that from November 13 to 15, 2021, AMM’s billing servers were compromised due to a malware attack by an unidentified actor.
As PVOC sought more details about this event, they also learned of another vulnerability. On May 11, 2022, investigators revealed that Alta’s online patient portal had potential unauthorized access to payment receipts until October 26, 2021.
Importantly, PVOC clarified that these incidents were isolated to AMM’s systems and did not involve any of PVOC’s own computer systems or website.
What Information Was Involved?
Because of AMM’s inability to specifically pinpoint whose information was breached, PVOC opted for a cautious approach, notifying those individuals whose data was in AMM storage.
The November 2021 malware incident potentially exposed patient names, addresses, Social Security numbers, payment card information, and medical records.
On the other hand, the October 2021 vulnerability in the online patient portal may have compromised patient names, email addresses, transaction details, the last four digits of payment cards or accounts, and any information entered into a comment field.
At this time, PVOC has not identified any actual or attempted misuse of the patient data connected to these breaches.
What is PVOC Doing?
On learning of these breaches, PVOC collaborated closely with AMM to establish the full extent of the breaches. AMM has since boosted its security protocols with added measures to protect its digital environment. They are also enhancing their technical capabilities by bringing on board more security personnel.
In addition to alerting government regulators as mandated, PVOC is offering affected individuals 12 months of complimentary credit monitoring services through Cyberscout, facilitated by Identity Force—a company under TransUnion, which specializes in fraud assistance and remediation services.
PVOC emphasizes that these services can alert users on the same day that any changes occur in their credit file in real-time.
Contact a New York Data Breach Lawyer
The path forward involves being proactive for those impacted by the PVOC data breach. Constant vigilance against potential identity theft, reviewing account statements, and monitoring credit reports are recommended.
PVOC’s credit monitoring services offer and proactive fraud assistance further equip you to protect your data.
At Jacoby & Meyers, LLP, we are committed to aiding victims of such breaches, providing guidance and support in these challenging times. Contact us today for a case evaluation.