Six Hospitals Experience Cyber Incident

Aug. 17, 2022
Conifer Revenue Cycle Solutions announced on Aug. 12 that an unauthorized third party gained access to a business email account—the company provided notice to six healthcare providers in Texas

Conifer Revenue Cycle Solutions, a Dallas-based company that manages revenue and administrative services for healthcare providers, made a statement on Aug. 12 that it “experienced a cybersecurity incident that may have affected your personal information.”

Conifer is currently providing this notice on behalf of the following healthcare providers: San Antonio-based Baptist Health System; Resolute Health Hospital in New Braunfels; The Hospitals of Providence Memorial Campus in El Paso and Valley Baptist Medical Centers in Brownsville and Harlingen. The vendor sent a separate notice to Alabama patients on behalf of Brookwood Baptist Medical Center in Birmingham.

The statement provided by Conifer does not provide the number of individuals impacted by the breach, but the U.S. Department of Health and Human Services Office for Civil Rights Breach Portal has the number at 2,787.

The statement says that “On April 14, 2022, Conifer learned that an unauthorized third party gained access to a Microsoft Office 365-hosted business email account. Upon discovery, Conifer immediately began an investigation, and engaged a leading security firm. Based on the investigation, the unauthorized party was able to access the business email account at Conifer on January 20, 2022. This email account is separate from Conifer’s internal network and systems, which were not affected by this incident.”

Moreover, “Based on a detailed review conducted between June 13, 2022 and August 3, 2022, it was determined that your personal information associated with a healthcare provider was in the impacted business email account. Even though Conifer conducted a thorough investigation, it was not possible to conclusively determine whether personal information was actually accessed by the unauthorized party. To date, we are not aware of any misuse of your data.”

The statement adds that the personal information involved in the incident may have included full name, date of birth, address; social security number, driver’s license/state ID number, and/or financial account information; medical and/or treatment information (medical record number, dates of services, provider and facility, diagnosis/symptom information, and prescription/medication information); health insurance information (payer name and subscriber Medicare/Medicaid number); and billing and claims information. Not all of the data elements were involved for all individuals impacted, according to the statement.

“Conifer takes privacy and security very seriously. In response to this incident, Conifer immediately took action to block malicious IP addresses and URLs,” the statement explains. “In addition, the password for the impacted account was reset shortly after the unauthorized access. Conifer has enhanced and continues to enhance its security controls and monitoring practices as appropriate to minimize the risk of any similar incident in the future, and Conifer accelerated its implementation of multi-factor authentication for business email accounts within the environment.”

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?