Phoenician Medical Center, Inc
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The Phoenician Medical Center, Inc. (PMC), based in Chandler, Arizona, experienced a significant data breach that was first detected on March 31, 2023. This incident disrupted some of its IT systems and led to unauthorized access to files containing protected health information of patients. The forensic investigation confirmed that hackers might have obtained sensitive patient data, including names, contact information, demographic information, dates of birth, state identification numbers, medical record numbers, diagnosis and treatment information, provider names, dates of service, prescription information, and health insurance information. The breach affected up to 162,500 current and former patients who had received medical services at PMC or its affiliated companies, Phoenix Neurological & Pain Institute, and/or Laser Surgery Center between 2016 and 2023[1][3].
PMC reported the breach to the U.S. Department of Health and Human Services Office for Civil Rights and began sending out data breach notification letters to all individuals whose information was affected by the incident on July 5, 2023[1][11]. The breach notification emphasized the risk of identity theft and fraud due to the exposure of sensitive health information. PMC has committed to enhancing its security protocols and technical safeguards to prevent similar incidents in the future[3].
In response to the breach, a class action lawsuit was filed against PMC, alleging negligence for failing to implement adequate data security practices and properly monitor its computer systems. The lawsuit, filed on July 27, 2023, claims that the cyberattack compromised the private health information of current and former patients treated between 2016 and 2023. It argues that the breach was a direct result of PMC’s failure to safeguard patient information and criticizes the delay in notifying victims, stating that federal and state laws require organizations to report breaches involving protected health information within 60 days. The lawsuit seeks to represent anyone in the United States whose personal information was impacted by the breach[5][7].
PMC is a healthcare services company that consists of several divisions, including Phoenician Primary Care, Phoenician Neurological & Pain Institute, Phoenician Vein & Vascular, Phoenician Cardiology, and Desert Laboratories. It operates more than 20 locations, serving over 140,000 patients, employs more than 350 people, and generates approximately $10 million in annual revenue[1][2].
Citations:
- https://www.jdsupra.com/legalnews/phoenician-medical-center-inc-notifies-2077858/
- https://bluesteelcyber.com/the-15-biggest-healthcare-data-breaches-of-2023-so-far/
- https://www.hipaajournal.com/phoenician-medical-center-cyberattack-affects-up-to-162500-patients/
- https://healthitsecurity.com/news/moveit-transfer-cyberattack-impacts-1.2m-at-pension-benefit-information
- https://www.classaction.org/news/phoenician-medical-center-hit-with-class-action-over-march-2023-data-breach
- https://www.hipaajournal.com/hipaa-breaches/
- https://www.classaction.org/media/murray-v-phoenician-medical-center-inc.pdf
- https://archive.fdic.gov/view/fdic/12294/fdic_12294_DS3.pdf
- https://www.myinjuryattorney.com/phoenician-medical-center-inc-data-breach-investigation/
- https://www.hackmageddon.com/2023/08/22/1-15-july-2023-cyber-attacks-timeline/
- https://seculore.com/state/arizona/07-19-2023-az-phoenician-medical-center-inc/
- https://www.phoenix.gov/pddsite/Documents/PZ/Z-83-16-6%20Phoenician%20PUD%202022%20Amended%20Narrative%20220503.pdf
- https://sos-vo.org/node/96928
- https://www.beckershospitalreview.com/cybersecurity/162-000-affected-in-arizona-care-network-data-breach.html