Healthcare company Tandigm Health discovered a vulnerability on its website on September 25, 2018. The vulnerability could possibly be exploited by unauthorized persons to access the protected health information (PHI) of patients.
A top-rated computer forensics company assisted with the investigation to determine whether the vulnerability could be remotely exploited, whether the protected health information of patients had been viewed, and the range of data that might have been compromised.
The investigation results showed that someone may have exploited the vulnerability to access sensitive patient data from April 24, 2017 to December 31, 2017. The data available on the website included only names, dates of birth, medical data, and health insurance details. The PHI of about 7,000 patients was accessible via the website.
The investigators did not find any information indicating that the vulnerability had been exploited, and there were no reports suggesting theft or misuse of patient information.
As a precaution, all patients whose private and health details were exposed received notification of the potential breach via mail and were offered 2 years of complimentary credit monitoring and identity theft protection services.
Tandigm Health advised all affected people to monitor their accounts and credit statements for any suspicious transactions and to check their health insurer’s explanation of benefits statements for healthcare services that were listed but not received.
A Tandigm Health press release states that the company takes information privacy and security seriously, and strictly implements security measures to secure data in Tandigm’s care.
Tandigm Health has re-evaluated its website defenses and has improved the security of its web-based platforms. Existing policies and procedures addressing data security were updated. Employees were given additional, continuing HIPAA training on data security.