Valley Baptist Medical Center – Brownsville

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The breach at Valley Baptist Medical Center in Brownsville, TX, was part of a larger cybersecurity incident involving Conifer Revenue Cycle Solutions, a Dallas-based company that manages revenue and administrative services for healthcare providers. On August 12, 2022, Conifer announced that an unauthorized third party had gained access to a Microsoft Office 365-hosted business email account on January 20, 2022. This breach potentially affected personal information associated with patients from several healthcare providers, including Valley Baptist Medical Centers in Brownsville and Harlingen, among others[2][4][7].

The type of patient data compromised in the breach may have included identification information such as full names, dates of birth, home addresses, Social Security numbers, driver’s license/state ID numbers, financial account information, medical and/or treatment information (including medical record numbers, dates of service, provider and facility names, diagnosis or symptom information, and prescriptions), as well as health insurance and billing information[2][4].

In response to the incident, Conifer took immediate action to block malicious IP addresses and URLs, reset the password for the impacted account, and has since enhanced its security controls and monitoring practices. This includes accelerating the implementation of multifactor authentication for business email accounts within its environment[2][7]. The U.S. Department of Health and Human Services Office for Civil Rights Breach Portal listed the number of individuals impacted by the breach at 2,787[7].

It’s important to note that while the breach was significant, Conifer has found no evidence that the compromised information has been misused[4]. Patients affected by the breach were notified, and the incident underscores the ongoing challenges and high costs associated with cybersecurity breaches in the healthcare industry[2].

Citations:

  1. https://www.valleycentral.com/news/local-news/patient-information-leaked-due-to-valley-baptist-medical-center-security-breach/
  2. https://www.healthcareitnews.com/news/conifer-hack-compromises-patient-data-6-hospitals
  3. https://www.valleycentral.com/news/local-news/brownsville-mineral-plant-investigation-reveals-16-violations/
  4. https://www.beckershospitalreview.com/cybersecurity/baptist-health-system-4-other-hospitals-report-patient-information-exposed-in-vendor-email-hack.html
  5. https://www.valleycentral.com/news/local-news/brownsville-health-center-experiences-data-breach-patient-data-accessed/
  6. https://www.scmagazine.com/analysis/134k-common-ground-plan-members-added-to-vendors-ransomware-fallout
  7. https://www.hcinnovationgroup.com/cybersecurity/data-breaches/news/21277737/six-hospitals-experience-cyber-incident
  8. https://www.jdsupra.com/legalnews/conifer-revenue-cycle-solutions-llc-3032313/
  9. https://www.calhipaa.com/phi-exposed-due-to-breaches-at-practice-resources-and-valley-baptist-medical-center/
  10. https://www.valleycentral.com/food-4-thought/meat-market-closes-due-to-mass-violation-on-health-report/
  11. https://oig.hhs.gov/fraud/enforcement/valley-baptist-medical-center-agreed-to-pay-159000-for-allegedly-violating-the-civil-monetary-penalties-law-by-employing-an-excluded-individual/
  12. https://www.valleycentral.com/food-4-thought/fruit-fly-rags-hidden-behind-tortilla-maker/
  13. https://casetext.com/case/pisharodi-v-valley-baptist-medical-center
  14. https://www.valleycentral.com/food-4-thought/mcallen-bistro-claims-inspection-report-was-an-oversight/
  15. https://casetext.com/case/valley-baptist-med-center-brownsville-v-battles
  16. https://www.dol.gov/sites/dolgov/files/ofccp/foia/files/Valley_Baptist_Medical_Center_Redacted_CA.pdf
Breach Submission Date Aug 12, 2022
Converted Entity Name Valley Baptist Medical Center - Brownsville
Converted Entity Type Healthcare Provider
State TX
Individuals Affected 7,496
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes