A revenue cycle management company has announced that records for one of its clients may have been compromised.
Healthcare Resource Group issued a press release earlier this week about the incident, which occurred when an employee’s email account was subject to unauthorized access for most of last November. A third-party review of the account uncovered that records from one of the company’s clients, Orleans Community Health, were present when the account was subject to the unauthorized access.
The type of information that was available in the patient records that were accessible varied, but included the first and last name of the patient and one or more of the following pieces of information: Social Security number, driver’s license number, date of birth, medical record number, patient account number, treatment information, health insurance information, and medical billing or claims information.
To date, there is “no evidence of actual misuse of the information” that was present in the account, but HRG wanted to notify the public anyway, out of an “abundance of caution,” the company said in its release. It did not disclose how many individuals may be affected by the incident. HRG is offering individuals who might be affected one year of credit monitoring and identity theft restoration services.
“HRG takes this incident and security of personal information in its care seriously,” the company said. “HRG moved quickly to investigate and respond to this incident, assess the security of relevant HRG systems, and notify potentially affected individuals. In response to this event, HRG is reviewed and enhanced existing policies and procedures. HRG reported this incident to law enforcement and relevant regulatory authorities.”