Valley Anesthesiology and Pain Consultants, a large practice with more than 300 providers serving multiple hospitals across the greater Phoenix region, has suffered a cyber attack affecting 882,590 patients.

The incident also affects all current and former employees and providers, the number of which was not disclosed.

In a statement, the organization said it learned of the attack on June 13, 2016; further investigation found that the attack started on March 30. Forensics has found no evidence that data was actually accessed, but it cannot rule out the possibility that data was taken.

The list of protected health information at risk is extensive. For patients, it includes names, providers’ names, dates of service and places of treatment, health insurers and insurance identify numbers, diagnoses and treatment, and an undisclosed number of Social Security numbers.

Provider data possibly compromised includes names, dates of birth, Social Security numbers, licensure numbers, Drug Enforcement Agency numbers, national provider identifiers and bank account information.

Employee information at risk includes names, dates of birth, addresses, Social Security numbers, bank account information and tax information.

A spokesperson responding to written questions noted that the organization is offering one year of credit monitoring and identity protection services from Experian to an undisclosed number of individuals with compromised Social Security or Medicare numbers. The organization is enhancing its IT security, including hardening network firewalls and incorporating best security practices.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access