Healthcare Vendor Practicefirst Reveals It Suffered Cyberattack In 2020, No Data Lost

Practicefirst, a New York-based practice management vendor said that a cyberattack on healthcare that happened last year might have exposed personally identifiable information (PII) of patients and staff. Practicefirst said in a statement that the company hasn’t found any fraud or misuse of the information yet, the hacker also assured the vendor that the information was not leaked to anyone and all data was destroyed. Practicefirst is one of the leading organizations in coding, credentialing, medical billing, practice management solutions, and bookkeeping. The vendor found about the issue last year in December, it closed down all its systems, informed the authorities, and changed passwords. 

The attacker tried to install ransomware and was able to retrieve files stored in vendor’s systems which contained employees’ and patients’ PII. The data, which was later destroyed, contained names, addresses, driver’s license numbers, social security numbers, tax id numbers, and email ids. Besides this, medical information, lab and treatment data, diagnosis, employee usernames and passwords, health insurance information, and financial information were also exposed. Practicefirst said, “we immediately reported the incident to appropriate law enforcement authorities and implemented measures to further improve the security of our systems and practices.” 

“We worked with a leading privacy and security firm to aid in our investigation and response and will report this Incident to relevant government agencies. We also implemented additional security protocols designed to protect our network, email environment, and systems,” it said in a statement. The affected users were informed about the incident and the vendor also started a helpline for providing assistance to the users. “In other data breach news, University Medical Center of Southern Nevada recently announced that it faced a ransomware attack at the hands of the infamous REvil hacker group, responsible for a number of high-profile attacks.”

“In addition, Aultman Health Foundation in Ohio announced that a now-terminated employee had been inappropriately accessing patient EHRs for over a decade. The employee continuously committed HIPAA violations and accessed over 7,000 patient records,” reports HealthITSecurity. As of now, no further information about the attack has been revealed. However, it is evident that cyberattacks on the healthcare industry have become a major threat.