The Viverant PT physical therapy center in Minneapolis was recently hit with a data breach that affected the personal information of over 6500 of their current and former patients and employers. They released this information on November 3 on their company website.
What Happened at Viverant?
On March 9, the company noticed that suspicious messages had been sent from the email of one of their employees. They immediately began an investigation and took measures to contain the situation by
changing passwords, enacting stricter authentication requirements, conducting employee training, and retaining national privacy and security experts.
The company stated that they had not seen any misuse of the information that was breached, though they are continuing to monitor the situation.
What was the Extent of the Viverant Breach?
The hackers gained access to the
Personally Identifiable Information (PII) and sensitive health information of the individuals. A general list of data accessed includes patient name, address, date of birth,
social security number, driver’s license number, medical record number, date of service, diagnostic or treatment information, credit and debit card numbers, health insurance information, financial account numbers (some with passwords and routing numbers), medications, usernames with security questions and answers, vehicle identification number (VIN), and digital signature.
What did Viverant do?
The company has taken security measures to mitigate the situation and also reported to the proper authorities. A dedicated assistance line at (952) 835-4512 was also created for individuals that want to ask more questions about the incident. The helpline is open Monday through Friday from 9 am to 5 pm CT.
In addition to the hotline, Viverant is offering their customers free credit reporting services from three different credit reporting bureaus.
“We remind you to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity,”
they said in a release.
“You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies.”
Why are Hospitals Being Targeted?
Data breaches and cybercrime have been on the rise, and healthcare facilities seem to be the principal target of these bad actors.
Here are the primary reasons why.
- Patient information is worth a lot for ransomware hackers, and medical institutions will do all in their power to protect it.
- Most health institutions have the financial ability to pay the bad actors.
- Most hospitals are still using outdated IT infrastructure that is an easy entry point for attackers.
- Collaborative work is typically done by health officials, creating more opportunities for a breach.
- The healthcare sector has been slow to adopt cybersecurity best practices.
- Most healthcare officials are not sensitized on cybersecurity issues and the best practices to keep their network secure.
- The large number of devices used in a hospital creates multiple access points for a bad actor to take advantage.