A company that provides billing and collection services to healthcare providers has announced a data breach that compromised the personal records of more than 274,000 individuals representing several of the agency’s clients after a malware incident allowed a hacker to access the company’s systems.
Benefit Recovery Specialists, Inc., based in Houston, announced the breach late last month. It is the sixth-largest healthcare data breach thus far in 2020, according to a published report. The information that was compromised in the breach include the individual’s names, dates of birth, dates of service, provider name, policy identification number, procedure code, and/or diagnosis code. For a small number of individuals, their Social Security numbers may also have been impacted.
The company noticed a “malware incident” on April 30 and began an investigation, according to the data breach notice. The investigation uncovered that an unauthorized user gained access to the agency’s systems using employee credentials and deployed malware that allowed access to the company’s records.
“We take the security of personal information very seriously,” the company said. “Upon learning of the incident, we began working with third-party specialists to assess and develop a response plan and secure the BRSI
environment. While BRSI is unaware of any misuse of personal information impacted by this event, individuals are encouraged to remain vigilant against incidents of identity theft by reviewing account statements and explanations of benefits for unusual activity and report any suspicious activity immediately to their insurance company, health care provider, or financial institution.”
The increase in remote care and telehealth visits during the coronavirus pandemic has spurred hackers to target healthcare providers and their partners as a means of accessing troves of consumers’ personal information, according to a published report. Phishing attacks, where a hacker, using an email or text message that looks legitimate, dupes an individual into clicking on a link, continues to be the most popular type of attack. The links in phishing emails contain malware code that is implanted on the recipient’s computer and opens a door into a company that the hacker can then walk through.