Pediatric EMR Vendor Hack Affects 2.2 Million

/in


Cloud Security
,
HIPAA/HITECH
,
Security Operations

Incident Spotlights Multiple Common But Serious Data and Vendor Concerns

Marianne Kolbasuk McGee (HealthInfoSec) •
December 2, 2022    

Pediatric EMR Vendor Hack Affects 2.2 Million
Connexin Software, vendor of Office Practicum pediatric EMR software, says a hacked offline data set affected millions. (Photo source: Connexin Software Inc.)

A hacking incident at a cloud-based electronic health records and practice management software vendor affects dozens of the company’s pediatric practice clients and more than 2.2 million of their patients and other individuals.

See Also: Live Webinar | How To Meet Your Zero Trust Goals Through Advanced Endpoint Strategies

Pennsylvania-based Connexin Software Inc., which does business as Office Practicum, reported the hack to the U.S. Department of Health and Human Services on Nov. 11 and said it involved a network server.

Connexin in its breach notification statement lists about 120 pediatric practices affected by the incident.

In the statement, Connexin says that on Aug. 26, it detected “a data anomaly” on its internal network. A forensics investigation determined that an unauthorized third party had gained access to an internal computer network, removing some data contained in an “offline” patient data set used for data conversion and troubleshooting.

Connexin’s “live” electronic medical record system was not accessed, and the incident also did not affect any pediatric practice groups’ systems, databases or medical records systems, the statement says.

In any case, the range of patient data potentially compromised in the incident is wide. Connexin says patient…

Source…