14 DAY TRIAL // Touchstone Medical Imaging, a medical company providing diagnostic imaging services in the United States, disclosed on Friday that patient details were exposed online since the beginning of May 2014.
The company took about five months to report the incident to the California Office of the Attorney General because during the first internal investigation the forensics team found no evidence that the information that had been exposed was readable.
However, on September 5 this year, the experts learned that the possibility of patient data being readable existed, and the folder contained personally identifiable data.
No medical records have been impacted
According to the letter sent to the affected individuals, billing details collected from patients before August 2012 were available to public view to anyone with an Internet connection.
The company stresses the fact that medical records were not available in the folder and could not be accessed. But the data in the insecure folder included names, dates of birth, addresses, telephone numbers, Social Security numbers, health insurer names, radiology procedures and diagnosis.
Touchstone Medical Imaging says that, after learning about the exposed folder, their IT administrators took the necessary action to remove it from public view.
New info suggested that data was readable
After learning about the exposure, the IT staff took a closer look and determined that the patient details were unreadable. This would suggest that some form of encryption or password protection was in place, but no confirmation has been issued.
It is unclear where new information about the incident came from, but the CEO of the company, Christian Rice Jr., said in the letter that the details were in fact readable, which prompted the disclosure of the leak.
Complimentary ID theft services offered
For the time being, the company has no evidence that the leaked details have been used for malicious purposes. But despite this, affected customers are offered free protection services against identity theft for one year.
These services are designed to detect possible misuse of personal information and take appropriate measures to resolve problems, if such issues occur.
In order to benefit from the ID theft protection service offered by Touchstone Medical Imaging, affected individuals have to enroll themselves into the service; all the details on how to do this are provided in the letter.
Regular review of the explanation of benefits statement received from the health insurer is also highly recommended.
“We deeply regret any inconvenience this may cause you. To help prevent this from happening again, we are reinforcing the education of our employees and the monitoring of our systems regarding the protection of our patients’ information and continually reviewing and enhancing our policies and procedures,” says the company CEO in the letter.