Baylor Scott & White Medical Center, located in Frisco, TX, has learned about a potential compromise of the payment details of roughly 48,000 patients and guarantors. The medical center is mutually operated by Baylor Scott & White Health (BSWH) and United Surgical Partners International (USPI). The breach occurred at one of its vendors and involved its credit card processing system. Once the security breach had been identified, BSWH notified the vendor and discontinued all credit card processing on the vendor’s system.
The investigation revealed the vendor experienced a week-long security breach from September 22 to September 29, 2018. BSWH found no evidence to suggest the misuse or disclosure of any patient/guarantor details; nonetheless, as a safety measure, all persons impacted by the breach have been offered twelve months of free credit monitoring services via TransUnion Interactive as a precaution.
The security breach only affected the system of the third-party vendor. Hospital data and clinical systems were unaffected. The breach only affected patients of the Frisco medical center.
The exposed information, which the unauthorized person potentially accessed, included names, addresses, medical record numbers, dates of service, health insurance service provider details, type of credit card used, the last four digits of credit card numbers, CCV numbers, recurring payment dates, account numbers, account balances, transaction statuses, and invoice numbers.
All people impacted by the data breach have been notified by mail. On November 26, 2018, a data security breach report was submitted to the Department of Health and Human Services’ Office for Civil Rights. The OCR portal shows 47,948 patients were affected by the breach.