Texas-based Baylor Scott and White Medical Center-Frisco is notifying about 47,948 patients or guarantors that their payment information was exposed for a week, after a hack on its third-party vendor’s credit card processing system.
Officials discovered an issue with the credit card processing system on September 29 and terminated card processing through the terminal. The vendor was notified immediately and an investigation was launched. The investigation determined that the system had been inappropriately accessed from September 22 to 29.
The breached information included names, dates of service, medical record numbers, account data, insurance provider information, the last four digits of credit card numbers, CCV numbers, credit card type, recurring payment details, account balances, transaction statuses and invoice numbers.
No medical or personal health data was compromised in the cyberattack.
The security breach was limited to the third-party vendor’s system, and no hospital or clinical systems were breached. No other Baylor Scott and White facilities were impacted. All impacted patients have been offered a year of free credit monitoring.
As of today, December 11, the online payment function of the Baylor Scott and White Medical Center-Frisco website is still down.
Third-party vendor breaches have been increasingly common in the healthcare sector for the last few years. Less than a month ago, a hack on billing vendor AccuDoc Solutions caused the breach of 2.65 million Atrium Health patient records.
Healthcare organizations are often left open to risk by failing to manage their third-party vendors better. Many providers have multiple vendors, so it’s crucial to build a relationship with each one and hold those business associates accountable through routine risk assessments. A data inventory can also provide insight into exactly what data are being shared.