Data breach at Philly-area Ob/Gyn practice among this year’s largest nationally


The personal data breach affecting 300,000 patients disclosed last month by Women’s Health Care Group of PA LLC was the third-largest reported this year to the U.S. Department of Health and Human Services, according to the agency’s website.

Women’s Health Care Group, which in March merged with Regional Women’s Health Group in New Jersey to form what the companies described as the largest U.S. Ob/Gyn practice, notified patients of the breach on July 18, more than two months after it discovered the ransomware.

“It does seem to be an unusually long period of time,” Adam Levin, chairman of CyberScout, a cybersecurity firm, said of the two-month delay. Two factors could have caused it, he said. They could have been trying to figure out if data had actually been taken and they could have been under orders from law enforcement to keep the breach under wraps.

Pennsylvania requires notification “without unreasonable delay.”

A woman who answered the phone at the group’s office in Oaks on Friday said that company had no comment.

The notice said the hackers had gained access to the company’s computer systems as far back as January. “We have been unable to determine if any specific information was actually acquired or viewed in connection with this incident,” the notice said.

If the hackers took data, it would have included names, addresses, dates of birth, and Social Security numbers, enough to create major problems for consumers. The only key missing information were driver’s license numbers.

Women’s Health Care had backups of the data, which means that services were not disrupted. “That’s something everybody should be doing,” Levin said.

Regional Women’s Health and Women’s Health Care Group now operate as Axia Women’s Health, with 275 providers at 100 locations. It has headquarters in Oaks and Voorhees.



Thanks for your continued support…

We recently asked you to support our journalism. The response, in a word, is heartening. You have encouraged us in our mission — to provide quality news and watchdog journalism. Some of you have even followed through with subscriptions, which is especially gratifying. Our role as an independent, fact-based news organization has never been clearer. And our promise to you is that we will always strive to provide indispensable journalism to our community. Subscriptions are available for home delivery of the print edition and for a digital replica viewable on your mobile device or computer. Subscriptions start as low as 25¢ per day.
We’re thankful for your support in every way.



Philly.com comments are intended to be civil, friendly conversations. Please treat other participants with respect and in a way that you would want to be treated. You are responsible for what you say. And please, stay on topic. If you see an objectionable post, please report it to us using the “Report Abuse” option.

Please note that comments are monitored by Philly.com staff. We reserve the right at all times to remove any information or materials that are unlawful, threatening, abusive, libelous, defamatory, obscene, vulgar, pornographic, profane, indecent or otherwise objectionable. Personal attacks, especially on other participants, are not permitted. We reserve the right to permanently block any user who violates these terms and conditions.

Additionally comments that are long, have multiple paragraph breaks, include code, or include hyperlinks may not be posted.

Load comments


Please enable JavaScript to view the comments powered by Disqus.

Article source: http://www.philly.com/philly/business/pharma/data-breach-at-philly-area-obgyn-practice-among-this-years-largest-nationally-20170812.html

,

  1. No comments yet.
(will not be published)