"The electronic health record and revenue cycle management vendor athenahealth has recently notified 1,974 individuals about the exposure of some of their protected health information. Athenahealth submits and receives patient insurance eligibility queries and insurance provider responses on behalf of its healthcare provider clients. On September 16, 2024, an insurance provider notified athenahealth that eligibility transaction files were visible in a publicly accessible Internet repository. The files were removed from the repository and the investigation determined that a manual error was made configuring the repository, which allowed the files to be accessed on or after April 3, 2024.
The information contained in the exposed files varied from individual to individual and may have included an individual’s name along with one or more of the following: address, date of birth, gender, insurance member ID, clinical information (healthcare provider’s name, health insurance provider, information regarding clinical care and payment responsibilities for that care such as co-pay amounts). Social Security numbers and financial account information were not involved.
Athenahealth is implementing additional safeguards, workflows, and processes to prevent similar incidents in the future. The affected individuals have been offered 12 months of complimentary credit monitoring and identity theft protection services.
"
https://www.hipaajournal.com/data-breaches-reported-by-hopscotch-athenahealth-central-resources/
"The electronic health record and revenue cycle management vendor athenahealth has recently notified 1,974 individuals about the exposure of some of their protected health information. Athenahealth submits and receives patient insurance eligibility queries and insurance provider responses on behalf of its healthcare provider clients. On September 16, 2024, an insurance provider notified athenahealth that eligibility transaction files were visible in a publicly accessible Internet repository. The files were removed from the repository and the investigation determined that a manual error was made configuring the repository, which allowed the files to be accessed on or after April 3, 2024.
The information contained in the exposed files varied from individual to individual and may have included an individual’s name along with one or more of the following: address, date of birth, gender, insurance member ID, clinical information (healthcare provider’s name, health insurance provider, information regarding clinical care and payment responsibilities for that care such as co-pay amounts). Social Security numbers and financial account information were not involved.
Athenahealth is implementing additional safeguards, workflows, and processes to prevent similar incidents in the future. The affected individuals have been offered 12 months of complimentary credit monitoring and identity theft protection services. "