Weak security at third-party vendors strikes again in the medical world. Baylor Scott & White Medical Center – Frisco hospital in North Texas announced that payment information, including partial credit card info, of some 47,000 patients or guarantors may have been compromised following a security incident with a third-party vendor’s credit card processing system. The data breach was detected on September 29.
The hospital immediately canceled credit card processing through the compromised vendor and started an investigation. Critical information such as names, mailing addresses, birth dates, telephone numbers, medical record numbers, insurance provider data, dates of service, account numbers, credit card types, last four digits of the credit cards, CCV numbers, recurring payment dates, account balances and invoice numbers may have been compromised between Sept. 22 and 29, but there’s no evidence the data has been used in illegal activities. As a safety procedure, patients or guarantors will receive one year of free credit monitoring services.
The security incident was limited to the third-party vendor’s network and didn’t affect the hospital’s systems.
“It is important to note that the hospital’s information and clinical systems were not affected, and medical information was not compromised. Social Security numbers and medical record information were not accessed,” reads the hospital’s alert.
Failure to manage third-party vendors exposes healthcare organizations to countless risks, especially because these organizations don’t usually stick to a sole vendor. Attacks and credit-card hacks are growing in frequency in healthcare because hackers can use the information to their own advantage or sell it on the dark web to the highest bidder.