Hacking of a third-party credit card vendor leads to HIPAA breach
Earlier this month, Baylor Scott & White Medical Center-Frisco, in Frisco, Texas, announced a data breach affecting 47,000 patients and guarantors. According to its statement, in September the hospital found an issue with a third-party vendor’s credit card processing system, and a subsequent investigation determined that the vendor had been hacked between September 22 and 29, 2018.
In response to the breach, the hospital terminated credit card processing services with the vendor and began to notify patients whose information was compromised in the attack. In its statement, the hospital noted that its clinical systems were not affected, and no medical information was accessed. Nevertheless, certain protected health information (PHI) was exposed in the breach.
According to its statement, the PHI and payment information that may have been compromised included:
- Name
- Mailing address
- Telephone number
- Date of birth
- Medical record number
- Date of service
- Insurance provider information
- Account number
- Last four digits of the credit card used for payment
- The credit card CCV number
- Type of credit card
- Date of recurring payment
- Account balance
- Invoice number
- Status of transaction