Northern Iowa Therapy PC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Northern Iowa Therapy PC (NIT), based in Iowa, experienced a data breach that was first identified on March 10, 2023. The breach involved the exposure of patient records found in an account unaffiliated with NIT. Following the discovery, NIT engaged third-party forensic experts to conduct an investigation into the incident. The security breach was publicly announced by NIT on June 21, 2023. Subsequent investigations revealed that patient data had indeed been exposed, and this determination was made on October 4, 2023. After verifying contact information, NIT sent out notification letters to the affected individuals on October 27, 2023.

The data exposed in the breach varied from individual to individual but may have included sensitive information such as names, addresses, dates of birth, email addresses, phone numbers, medical information, mental/physical condition, Medicare IDs, Social Security numbers, driver’s license numbers, diagnoses, treatment information, dates of service, billing & claims information, health insurance information, and patient account numbers. In total, the records of 5,100 patients were confirmed to have been compromised as a result of the breach[11].

In response to the breach, NIT has stated that it continuously evaluates and modifies its security practices to enhance the privacy and security of personal information[11].

Citations:

  1. https://www.newstrail.com/cole-van-note-announces-northern-iowa-therapy-pc-data-breach-investigation/
  2. https://colevannote.com/investigations/
  3. https://scholarworks.uni.edu/facpub/index.2.html
  4. https://nitherapy.com
  5. https://www.healthcareitnews.com/news/list-biggest-hipaa-data-breaches-2009-2015
  6. https://consumer.sc.gov/identity-theft-unit/security-breach-notices
  7. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  8. https://www.itgovernanceusa.com/blog/cyber-security-and-data-privacy-in-the-usa-january-1-7-2024
  9. https://hhs.iowa.gov/media/10170/download
  10. https://breachdata.topwords.me/states/IA?limit=20&offset=20&sort=breach_type
  11. https://www.hipaajournal.com/sutter-health-84k-data-breach-ba/
  12. https://breachdata.topwords.me/states/IA?limit=20&offset=20&sort=number_affected
  13. https://www.jdsupra.com/legalnews/ui-community-homecare-files-notice-of-8252280/
  14. https://www.healthcaredive.com/news/tracking-healthcare-data-breaches-cybersecurity-hacking-hospitals/696184/
Breach Submission Date Oct 29, 2023
Converted Entity Name Northern Iowa Therapy PC
Converted Entity Type Business Associate
State IA
Individuals Affected 5,100
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes