Silverberg Surgical and Medical Group Data Breach (2015)

Silverberg Surgical and Medical Group is alerting patients to the potential exposure of highly sensitive Protected Health Information after an error made in the configuration of a document scanner resulted in patient information being accessible via the internet. The device had been used to scan documents containing personal information such as patient names, dates of birth, contact telephone numbers, home addresses, fax numbers, and e-mail addresses. Some patients' Social Security numbers were exposed, as were medical record numbers, health plan ID numbers, beneficiary numbers, medical information, full face photographs and state license numbers: A Smorgasbord of data that could potentially be used by criminals to commit medical, insurance and identity fraud. Silverberg discovered the security breach on August 28, 2015, and immediately launched an investigation. That investigation revealed the device had posted data online since September 10, 2013. The company has now secured the device and data and has enlisted the help of a specialist data security firm to conduct a forensic data analysis to determine whether data was accessed during that time frame. The matter has also been reported to various law enforcement agencies, including the FBI, and government and state authorities have also been notified of the security breach. Affected individuals have now been notified by mail, and are being offered a year of credit monitoring services, along with identity theft protection and identity restoration services through Kroll.