PHI of 7,000 Patients Exposed Due to Tandigm Health Website Vulnerability

Healthcare company Tandigm Health discovered a vulnerability on its website on September 25, 2018. The vulnerability could possibly be exploited by unauthorized persons to access the protected health information (PHI) of patients.

A top rated computer forensics company helped with the investigation to find out if the vulnerability could be remotely exploited, if the protected health information of patients had been viewed, and the range of data that might have been compromised.

The investigation results showed that someone may have exploited the vulnerability to access sensitive patient data from April 24, 2017 to December 31, 2017. The data available on the website just included names, dates of birth, medical data, and health insurance details. the PHI of about 7,000 patients were accessible via the website.

The investigators did not find any information that indicate the vulnerability had been exploited and there were no reports that suggest the theft or misuse of patient information.
As a precaution, all patients whose private and health details were exposed received notification of the potential breach via mail and were offered 2-years complimentary credit monitoring and identity theft protection services.

Tandigm Health advised all affected people to keep track of their accounts and credit statement for any suspicious transactions and to check their health insurer’s explanation of benefits statements for healthcare services that were stated but not obtained.

A press release of Tandigm Health states that the company takes information privacy and security seriously, and strictly implements security measures to secure data in Tandigm’s care.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

Tandigm Health has re-evaluated its website defenses and has improved the security of its web-based platforms. Existing policies and procedures addressing data security were updated. Employees were given additional, continuing HIPAA training on data security.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: