Associated Pathologists, LLC dba PathGroup Health Plan
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
In December 2016, Associated Pathologists, LLC, doing business as PathGroup, experienced a data breach involving the personal information of 1,456 patients. This incident was discovered as part of the company’s proactive information security testing and auditing procedures. An employee of PathGroup had improperly made this sensitive information accessible through the internet on January 29, 2016, which then became available for third-party access. The information exposed included patients’ first and last names, dates of birth, social security numbers, genders, payment guarantor relationships and names, service dates, states of residency, amounts charged, and PathGroup’s record, invoice, and account numbers. Importantly, no medical or clinical information was exposed in this breach.
Upon discovering the breach, PathGroup took immediate action to have the information deleted from the internet. The company also initiated an investigation with an experienced IT team to determine the extent of the potential breach and retrained employees on its stringent policies to prevent future incidents. The employee responsible for the breach is no longer with the company. To mitigate potential harm, PathGroup offered free credit monitoring services to those affected and advised them on steps to reduce the chances of identity theft, including placing a 90-day fraud alert on their credit files and considering a security freeze on their credit reports.
PathGroup has extensive policies, procedures, and employee training in place aimed at preventing such incidents. However, they acknowledged that human error was a factor in this case. The company has expressed its commitment to privacy and has taken this matter very seriously, apologizing to the patients affected by the incident[1].
Citations:
- http://www.pathgroup.com/substitute-public-notice-of-data-breach/
- https://www.bankinfosecurity.com/tennessee-heart-clinic-notifies-170k-hacking-data-breach-a-22712
- https://casetext.com/case/silvernagel-v-pathgroup-holdings-llc
- https://www.newschannel5.com/health-system-breach-exposes-1m-patients-information-in-this-state
- http://www.pathgroup.com
- http://www.pathgroup.com/company/billing/managed-care-contract/
- https://www.tn.gov/content/dam/tn/health/healthprofboards/minutes/med-lab/MED-LAB-BOARD-MINUTES-7-20-18.pdf
- https://www.highlandspath.com/privacy/
- https://www.tn.gov/content/dam/tn/health/healthprofboards/minutes/med-lab/MED%20LAB%20FULL%20BOARD%20MINUTES%207-29-22.pdf
- https://www.pathai.com/policies-and-notices/
- https://www.bbb.org/us/tn/brentwood/profile/medical-testing/pathgroup-0573-37033458/complaints
- https://www.coursesidekick.com/medicine/1399328
- https://knoxcounty.org/clerk/CommMinutes/2020/08-24-2020.pdf