The Baptist Health System recently confirmed that the company suffered a data breach resulting from an incident in which an unauthorized person gained access to the company’s computer network after installing a line of malicious code on the system’s website. According to the Baptist Medical Center, the breakthrough led to full names, dates of birth, addresses, social security numbers, health insurance information, medical information and billing information for affected patients have been compromised. On 16 June 2022, Baptist Medical Center filed a formal notice of the breach and sent letters of breach to all parties concerned. The Baptist Health disorder affected more than 1.2 million patients in Texas alone.
If you have received a data breach notification, it is important that you understand what is at risk and what you can do about it. To learn more about how to prevent yourself from falling victim to fraud or identity theft and what your legal options are as a result of a breach of data from the Baptist health system, please see our recent article on the subject here.
More details on the Baptist health system data breach
According to an official announcement submitted by the company, on April 20, 2022, the Baptist Health System discovered that a malicious actor had installed a line code at the back of the organization’s website. In response, Baptist Health shut down the affected systems to restrict further access and began working with a cybersecurity company to investigate the incident. As the investigation continued, Baptist Health confirmed that an unauthorized third party had access to certain systems that contained personal information and removed some data from the network between March 31, 2022 and April 24, 2022.
After finding that sensitive user data was available to an unauthorized party, Baptist Health System reviewed the affected files to determine exactly what information was compromised. Although the information broken varies from individual to individual, it may include your full name, date of birth, address, social security number, health insurance information, medical information, and billing information.
On June 16, 2022, the Baptist Health System sent data breaches to all individuals whose information had been compromised as a result of a recent data security incident.
Baptist Health System is a health system based in San Antonio, Texas. The Baptist health system consists of 65 sites, most of which are located in San Antonio and surrounding areas. Baptist Health provides a wide range of health services, including orthopedic care, neuroscience, cardiovascular care, emergency care, obstetrics and physiotherapy. The Baptist Health System employs more than 6,000 people and generates approximately $ 880 million in annual revenue.
Why it’s important Healthcare providers ensure the safety of your protected health information
Baptist Health reported that the recent data security incident has affected a significant amount of patient data. Among the leaked types of data was the protected health information of patients. Protected health information refers to identifying information related to the patient’s past, present or future health status. It may also relate to information relating to how the patient pays for his or her health care.
After a breakthrough in health data, it is important to understand what is at stake. Healthcare data are not in themselves necessarily protected health information. However, if healthcare data also contains one or more “identifiers” that can be used to pair patient-specific data, they are considered “protected health information”. Thus, when protected health information is disclosed, it means that with a little work, hackers can identify the patient to whom it belongs.
The damage that can result from data breaches involving protected health information is very real. As with other types of data breaches, data obtained through data breaches provide the hacker with the information they need to commit identity theft or other fraud. However, the type of identity theft that follows a health breach is much more invasive and more difficult to correct. In addition, there is often a much higher cost for victims.
For example, cybercriminals who commit health data breaches often do so in the hope of gaining access to valuable information that they can then sell to a third party. The third party buys this data with the intention of using it to obtain medical care on behalf of the victim – as an expensive operation. This has financial consequences for the victim because either their insurance is charged or, if they are not covered, they receive the bill in their own name.
The other, more insidious risk is that a person receiving care on your behalf provides the attending physician or surgeon with information about themselves that appears on your medical record. For example, a “fake patient” may provide a doctor with their own list of allergies or medications. This may mean that the next time you go to the doctor, he has incorrect information in your file. While one would hope that health professionals would catch such a mistake, this is far from a guarantee.