Patients Impacted by Breaches at Clearway Pain Solutions Institute and Questcare Medical Services

Gulf Coast Pain Consultants, also called Clearway Pain Solutions Institute, found out that its EMR system was accessed by an unauthorized individual.

A breach investigation which started on February 20, 2019 revealed that a variety of patient data was accessed by the unauthorized individual. Breached information included names, telephone numbers, birth dates, home and email addresses, Social Security numbers, medical insurance information, referring provider detail, and demographic information. The hacker was not able to access the financial data and clinical data that patient documents contained.

Unauthorized access to the Clearway Pain Solutions Institute system has been blocked and a complete evaluation of all EMR accounts has been conducted. Gulf Coast Pain Consultants had to validate access levels to all user accounts and EMR system activities. When policies and procedures have been reviewed, the institute will likewise amend access to patient information as needed.

Clearway Pain Solutions Institute mailed notification letters to all impacted patients and provided them free one year registration to Experian IdentityWorks. The breach is not yet posted on the HHS’ Office for Civil Rights breach website therefore there is no exact details yet with regards to the number of individuals affected.

The physician group, Questcare Medical Services in Dallas, TX reported a phishing attack, which caused an employee’s email account containing protected health information (PHI) to be compromised on February 13, 2019. The affected patients got breach notification letters on April 12, 2019.

The people whose PHI were compromised received healthcare services from Questcare centers located in different regions of Texas namely Dallas, Fort Worth, and Arlington. The attacker possibly accessed patient data including, names, birth dates and certain clinical records. No exposed information included sensitive financial information or Social Security numbers.

Questcare employees were provided additional HIPAA training to strengthen their security awareness. They will also be provided scheduled reminders relating to phishing attacks. The group added Microsoft’s Advanced Threat Protection to boost its protection against cyberattacks. There’s no statement concerning the number of individuals the breach impacted.

About Christine Garcia 1200 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA