Six Hospitals Experience Cyber Incident

Aug. 17, 2022
Conifer Revenue Cycle Solutions announced on Aug. 12 that an unauthorized third party gained access to a business email account—the company provided notice to six healthcare providers in Texas

Conifer Revenue Cycle Solutions, a Dallas-based company that manages revenue and administrative services for healthcare providers, made a statement on Aug. 12 that it “experienced a cybersecurity incident that may have affected your personal information.”

Conifer is currently providing this notice on behalf of the following healthcare providers: San Antonio-based Baptist Health System; Resolute Health Hospital in New Braunfels; The Hospitals of Providence Memorial Campus in El Paso and Valley Baptist Medical Centers in Brownsville and Harlingen. The vendor sent a separate notice to Alabama patients on behalf of Brookwood Baptist Medical Center in Birmingham.

The statement provided by Conifer does not provide the number of individuals impacted by the breach, but the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal has the number at 2,787.

The statement says that “On April 14, 2022, Conifer learned that an unauthorized third party gained access to a Microsoft Office 365-hosted business email account. Upon discovery, Conifer immediately began an investigation, and engaged a leading security firm. Based on the investigation, the unauthorized party was able to access the business email account at Conifer on January 20, 2022. This email account is separate from Conifer’s internal network and systems, which were not affected by this incident.”

Moreover, “Based on a detailed review conducted between June 13, 2022 and August 3, 2022, it was determined that your personal information associated with a healthcare provider was in the impacted business email account. Even though Conifer conducted a thorough investigation, it was not possible to conclusively determine whether personal information was actually accessed by the unauthorized party. To date, we are not aware of any misuse of your data.”

The statement adds that the personal information involved in the incident may have included full name, date of birth, address; social security number, driver’s license/state ID number, and/or financial account information; medical and/or treatment information (medical record number, dates of services, provider and facility, diagnosis/symptom information, and prescription/medication information); health insurance information (payer name and subscriber Medicare/Medicaid number); and billing and claims information. Not all of the data elements were involved for all individuals impacted, according to the statement.

“Conifer takes privacy and security very seriously. In response to this incident, Conifer immediately took action to block malicious IP addresses and URLs,” the statement explains. “In addition, the password for the impacted account was reset shortly after the unauthorized access. Conifer has enhanced and continues to enhance its security controls and monitoring practices as appropriate to minimize the risk of any similar incident in the future, and Conifer accelerated its implementation of multi-factor authentication for business email accounts within the environment.”

Sponsored Recommendations

Trailblazing Technologies: Looking at the Top Technologies for the Emerging U.S. Healthcare System

Register for the first session of the Healthcare Innovation Spotlight Series today to learn more about 'Healthcare's New Promise: Generative AI', the latest technology that is...

Data: The Bedrock of Digital Engagement

Join us on March 21st to discover how data serves as the cornerstone of digital engagement in healthcare. Learn from Frederick Health's transformative journey and gain practical...

Northeast Georgia Health System: Scaling Digital Transformation in a Competitive Market

Find out how Northeast Georgia Health System (NGHS) enabled digital access to achieve new patient acquisition goals in Georgia's highly competitive healthcare market.

2023 Care Access Benchmark Report for Healthcare Organizations

To manage growing consumer expectations and shrinking staff resources, forward-thinking healthcare organizations have adopted digital strategies, but recent research shows that...