It appears that an employee or someone with authorized access to the database took protected health information (PHI) including including names, addresses, telephone numbers, and potentially other private information. It is unclear whether any health/medical information was also improperly acquired.
"... protected health information, including names, addresses, telephone numbers, and potentially other private information, was taken...."Reportedly, the data theft occurred on February 21. It is unclear when the breach was actually discovered or why it took until June to notify patients. Healthcare organizations seeking to proactively detect identity theft and privacy breaches can utilize low-cost on-demand SaaS analytics services.
- Physical therapy practice breach announcement
Download a white paper on identity theft and patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) NY: Sloane Stecker Physical Therapy notifies 2,000 patients of breach - www.PHIprivacy.net, 07/22/2014