Forefront Dermatology reports breach of 2.4M patient records

In one of the biggest breaches reported to OCR in months, unauthorized parties reportedly accessed files that may have included names, dates of birth and insurance plan member ID numbers, among other information.
By Kat Jercich
11:58 AM

Forefront Dermatology, a Wisconsin-based organization with locations in 21 states and the District of Columbia, reported that a data security incident led to the potential exposure of more than 2.4 million patient records.

The intrusion, which was first identified in early June, resulted in unauthorized access to certain files on Forefront's IT system containing patient and employee information.    

"While the investigation found evidence that only a small number of patients' information was specifically involved, Forefront Dermatology could not rule out the possibility that files containing other patients' information may have been subject to unauthorized access," said the company in a press statement.  

WHY IT MATTERS  

Although Forefront did not specify the number of individuals affected, its report to the U.S. Department of Health and Human Services' Office of Civil Rights says 2,413,553 people's records may have been exposed.   

According to the company, an investigation determined that unauthorized parties gained access to Forefront's IT network between May 28 and June 4, when the intrusion was discovered. At that point, Forefront promptly took its network offline and notified law enforcement.  

The bad actors reportedly accessed certain files that contain information pertaining to some patients, possibly including names, addresses, dates of birth, account numbers, health insurance plan member ID numbers, medical record numbers, dates of service, accession numbers, provider names, and/or medical and clinical treatment information.   

There is no evidence, said Forefront, that patient Social Security numbers, driver's license numbers, or financial account information were involved.  

"Patients whose information may have been involved in this incident are being notified by Forefront Dermatology and are advised to review the statements they receive from their health care providers and health insurance plan," said Forefront in a statement. "If individuals see services they did not receive, they should contact the provider or health plan immediately."  

THE LARGER TREND  

Numbers-wise, this is the most significant breach reported to OCR in months. But several other health systems have taken major recent hits with regard to network connection and patient engagement.  

For instance, it took more than three weeks for the San Diego-based Scripps Health to come back online after a ransomware attack – and then it was hit with multiple class-action lawsuits brought by patients who accused it of not adequately protecting their information.  

ON THE RECORD  

"To help prevent something like this from happening again, Forefront Dermatology is enhancing its security protocols," said Forefront in its statement.

 

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.