Mendelson Kornblum Orthopedic and Spine Specialists, a 21-physician practice in Livonia, Mich., recently notified patients that certain health information could have been exposed in a cyberattack.
Four notes:
1. On Jan. 5, the practice discovered that one of its computer's servers "had been for an unknown period of time vulnerable to viewing by unauthorized third parties," according to a statement on its website. Mendelson Kornblum reported the incident as affecting 28,658 patients to HHS on March 5.
2. The exposed information included patient names, medical record numbers, birth dates, sex and certain data related to medical images. Exposed data did not include medical images, Social Security numbers or financial data, the practice said.
3. Mendelson Kornblum said it launched an investigation into the incident and closed the vulnerability on the server to prevent further exposure.
4. The practice has two ASCs, two offices that focus on spine and orthopedics, and two pain management offices, according to its website.