Breach at Arizona Clinic Affects More Than 900,000 Patients and Employees

A data breach at a Phoenix anesthesiology and pain clinic affected 882,590 patients as well as all current and former employees and providers.

On June 13, Valley Anesthesiology and Pain Consultants (VAPC) learned that an unauthorized third-party may have accessed its computer systems beginning March 30, VAPC said in a statement. Patient information stored on the affected system included:

• Names and dates of birth
• Diagnosis and treatment codes
• Insurer names
• Insurance ID numbers
• Social Security numbers

Patient financial information was not stored on the affected system.

The system was also used to store employee information, including:

• Names
• Address
• Social Security numbers
• Bank account information
• Tax information

Providers’ bank account and financial information, as well as Drug Enforcement Agency numbers and National Provider Identifiers may have been affected by the breach.

VAPC is working with an IT forensic firm and law enforcement agency to determine the full scope of the potential breach. There is currently no evidence that patient information was accessed or used, but VAPC is unable to rule out the possibility. The clinic mailed letters to affected patients and set up a call center that patients can contact for more information. Affected patients are advised to carefully review insurance statements and to contact their insurer immediately if there are any discrepancies.