Pediatrics West, P.C.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Breach at Pediatrics West, P.C. in Massachusetts

Pediatrics West and Allergy West experienced a data security incident that disrupted some of their information technology systems. The incident was first identified after unusual activity was detected on their systems, prompting immediate action to secure the systems and an investigation with the help of a third-party forensic investigator. The investigation revealed that an unauthorized party accessed some of their systems between August 19, 2021, and August 15, 2022, potentially accessing locally stored files. These files may have contained patient information, including names, contact information, demographic details, dates of birth, diagnosis and treatment information, prescription details, medical record numbers, provider names, dates of service, and health insurance information. However, Social Security numbers and the electronic medical records system were not involved in the incident[1].

Pediatrics West and Allergy West are taking the situation seriously and have expressed regret for any concern caused by the incident. They have begun mailing notification letters to potentially impacted patients and recommend that these patients review statements from their healthcare providers for accuracy. To prevent future incidents, additional safeguards and technical security measures have been implemented to further protect and monitor their IT infrastructure. A dedicated call center has been established to answer questions about the incident, available at 855-504-4520 from 9 a.m. to 6:30 p.m. Monday to Friday, excluding some major holidays[1].

Additionally, Pediatrics West, P.C. has offered a complimentary two-year membership to Experian IdentityWorksSM to help protect the identity of those affected. This service helps detect possible misuse of personal information and provides identity protection services focused on identification and resolution of identity theft. The affected individuals have also been advised on steps they can take to avoid identity theft, including placing fraud alerts and security freezes on their credit reports[3].

For further assistance and information on the breach, affected individuals can contact the dedicated call center or refer to the notification letters sent by Pediatrics West and Allergy West[1][3].

Citations:

  1. https://www.lowellsun.com/2022/12/11/pediatrics-west-allergy-west-address-data-security-incident/
  2. https://www.texaschildrens.org
  3. https://www.mass.gov/doc/assigned-data-breach-number-29096-pediatrics-west-pc/download
  4. https://www.cbsnews.com/pittsburgh/news/flu-season-pediatric-death-west-virginia/
  5. https://www.mass.gov/lists/data-breach-notification-letters-february-2023
  6. https://health.usnews.com/doctors/pediatricians/massachusetts/boston
  7. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  8. https://trellis.law/case/25017/0581cv03713/gara-matthews-md-v-west-suburban-pediatrics-p-c-et-al
  9. https://pediatricswest.com
  10. https://www.hipaajournal.com/hipaa-violation-cases/
  11. https://reviews.birdeye.com/pediatrics-west-pc-155769503310627
Breach Submission Date Dec 09, 2022
Converted Entity Name Pediatrics West, P.C.
Converted Entity Type Healthcare Provider
State MA
Individuals Affected 1,364
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes