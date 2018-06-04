42,000 patients impacted by 2016 breach of Michigan provider

A hacker told Holland Eye Surgery and Laser Center in March that they had accessed a patient list, but an investigation revealed that another access occurred back in 2016.
By Jessica Davis
June 04, 2018
01:56 PM
Share
patients medical records breach of Michigan eye doctor

Holland Eye Surgery & Laser Center in Holland, Michigan. Credit: hollandeye.com 

Michigan-based Holland Eye Surgery and Laser Center is notifying 42,200 of its patients that an unauthorized user hacked into a patient database in 2016 and potentially accessed their records.

A pen tester contacted Holland officials on March 19 and said they accessed a patient list containing personal data. The provider launched an investigation and discovered the hacker did indeed access the list in June 2016, but "concealed the extent of his or her access" until the March emails.

[Also: The biggest healthcare data breaches of 2018 (so far)]

The list contained demographic information, along with data that varied by patient, such as health insurance information, Social Security numbers and dates of birth.

Law enforcement was notified and officials have continued to investigate since the hacker notified the provider.

What’s concerning is that the hacker claimed to have sold some of the data from a small group of patients contained in the list "for reasons believed to be related to fraud." But Holland has no way of confirming whether this is true.

So far, officials said they haven’t received any verifiable reports that data included in the breach was misused outside of the hacker’s access. Holland did not respond to a request for comment.

The patients contained in the breached database whose Social Security numbers were stolen are being offered a year of free credit monitoring. But all patients are being told to monitor their credit for any irregular activity.

Officials said they’re working on strengthening their network security to prevent similar events in the future.

Breached and misconfigured databases are continuing to be a problem for the healthcare sector. Organizations should continually monitor network and database settings to detect any abnormal behavior.

Healthcare Security Forum

The forum in San Francisco to focus on business-critical information healthcare security pros need June 11-12.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Topics: 
Compliance & Legal, Data Warehousing, Privacy & Security
Share
View all comments 0

Top Story

Apple Health Records API
Top Story
Apple unveils Health Records API for developers to build apps for platform

Most Read

eClinicalWorks to pay $155 million to settle suit alleging it faked meaningful use certification
eClinicalWorks sued for nearly $1 billion for inaccurate medical records
Cerner sued for $16 million over revenue cycle rollout
How does blockchain actually work for healthcare?
Epic sued over millions in alleged anesthesia over-billing; Company stands by system
Nuance knocked offline by ransomware attacking Europe

Research

White Papers

More Whitepapers

Mobile
Compliance & Legal
Compliance & Legal

Webinars

More Webinars

Interoperability
Patient Engagement
Women In Health IT

Video

Developers are key to driving healthcare innovation
Developers are key to driving healthcare innovation
Why APIs are only one piece of the puzzle for healthcare transformation
Why APIs are only one piece of the puzzle for healthcare transformation
Dev4Health: A new map for innovation
Dev4Health: A new map for innovation
blockchain panel discussion at dev4health event in Cleveland
What business case will build the blockchain infrastructure?

More Stories

Epic EHR contract with UI Health upheld by Illinois court

UI Health in Chicago will spend $62 million over seven years to roll out the Epic EHR. Photo via UI Health

Despite Cerner protests, Epic EHR contract with UI Health upheld by Illinois
Imprivata launches new mobile device authentication
Imprivata launches new mobile device authentication with eye toward hospital workflows
FDA recalls 5,000 Abbott heart devices worldwide

The HeartMate 3 Left Ventricular Assist Device

FDA recalls 5,000 Abbott heart devices worldwide
AI is coming to a doctor's office near you, and AMA wants to be ready

AI's success in healthcare depends on enthused buy-in from physicians AMA President James Madara, MD, said at HIMSS18. 

 

AI is coming to a doctor's office near you, and AMA wants to be ready
women in health IT mentors
Mentors are found during times of change, some last a career
patients medical records breach of Michigan eye doctor

Holland Eye Surgery & Laser Center in Holland, Michigan. Credit: hollandeye.com 

42,000 patients impacted by 2016 breach of Michigan provider
predictive analytics helps doctors assess cardiac risk
EarlySense acquires predictive analytics to help hospitals assess cardiac risk
analyzing genomic data dna
2bPrecise, PierianDx partner to help hospitals