Breach, Compliance Management, Data Security, Network Security, Privacy

The Southeast Eye Institute patient information compromised

The Southeast Eye Institute, P.A., in Florida, doing business under the name the Eye Associates of Pinellas, reported a possible data breach after an unauthorized individual gained access to patient data via a third party affiliate.  

How many victims? 87,314

What type of information? Names, addresses, telephone numbers, Social Security numbers, dates of birth, and insurance information may have all been compromised.

What happened? On March 30, 2016, The Southeast Eye Institute was notified that a third-party breach at the medical practice software provider Bizmatics may have compromised the information of “at least some” of the institute's patients. Officials said the breach occurred in January 2015 but they did not immediately become aware of the incident. Bizmatics was unable to determine which patients' information was accessed and if the unauthorized individual was able to collate the various data files.

What was the response? The software provider hired a cybersecurity firm to strengthen its cyber defenses, including hardening its firewall and network configurations. Southeast Eye Institute is no longer using Bizmatics practice management software. Victims are being offered one year of free identity protection services and credit monitoring services.

Quote: “We sincerely apologize for any inconvenience and concern,” the company said in its breach notification.  

Source: Eye Associates of Pinellas breach notification, U.S. Department of Health and Human Services Office for Civil Rights.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.