PHI of 45,262 Desert Pain Institute Patients Possibly Exposed in Cyberattack

Baywood Medical Associates, dba Desert Pain Institute (DPI), located in Mesa, AZ, has discovered that unauthorized persons gained access to parts of its computer network containing patients’ protected health information (PHI).

DPI discovered and blocked the security breach on September 13, 2021, and hired a third-party cybersecurity firm to help investigate and determine the nature and extent of the cyberattack. On October 15, 2021, the forensic investigators confirmed that the evidence found showed the attackers had gained access to areas of its network that stored patients’ PHI.

An analysis of the data on the systems the hackers had accessed revealed that the following data might have been accessed or exfiltrated: full names, addresses, birth dates, Social Security numbers, driver’s license/state-issued ID card numbers, tax identification numbers, military identification numbers, medical data, medical insurance policy numbers, and financial account numbers. The types of information possibly exposed differed from one patient to another.

From the discovery of the breach on September 13 up to the date notifications were sent, no evidence was found to suggest any attempted or actual misuse of patient data; nevertheless, affected persons were cautioned to watch for signs of identity theft and fraud and to register for the free credit monitoring services being offered.

DPI reported that it has improved security for its computer systems and servers, including new endpoint monitoring tools to detect unauthorized activity.

The Department of Health and Human Services’ Office for Civil Rights breach portal does not yet list the breach. However, the breach report submitted to the Maine attorney general indicated that 45,262 persons had their protected health information potentially exposed.