Surgical Dermatology Group has disclosed a healthcare data security breach involving a server managed by TekLinks, the well-known MSP and cloud services provider (CSP) in Alabama. TekLinks discovered and closed the server security breach in May, then alerted Surgical Dermatology of the issue in June, the healthcare company says. Surgical, in turn, has disclosed the breach to customers.
Updated Wednesday, August 16, 2017, 10:48 p.m. ET: TekLinks CEO Jim Akerhielm issues statement about the attack.
The Surgical Dermatology Group disclosure states:
"On June 7, 2017, Surgical Dermatology Group in Birmingham, Alabama (“SDG”) received notice from its cloud hosting and server management provider, TekLinks, Inc., of a security breach at its Birmingham facility that hosts our server. We immediately initiated an investigation and learned that external hackers had gained access to our server possibly as far back as March 23, 2017. TekLinks has assured us that all unauthorized access was terminated on May 1, 2017 and that monitoring by TekLinks from April 22, 2017 through May 1, 2017 showed no further malicious activity during that time period."
MSSP Alert has reached out to Surgical Dermatology Group to see if the breach has any HIPAA compliance implications. We'll update this article if/when we receive a reply from the company.
Data At Risk?
In its prepared statement, Surgical Dermatology Group indicated there's no current evidence of any actual or attempted misuse of the information as a result of this incident. However, the breach may have allowed hackers to access patient name, address, telephone number, email address, home and work telephone numbers, cell phone number, Social Security number, medical record number, patient ID, physician name, health plan/insurance number, and charges and payments from services performed. However, no driver’s license, credit card or other financial information was stored in any files on the server, the company said.