On June 29th, Advanced Medical Management LLC announced that they experienced a data breach.
Please note that Advanced Medical Management LLC is not the same company as Advanced Medical Management Inc. While both companies share the same name, AMM Incorporated did not experience a data breach.
What happened
Advanced Medical Management recently filed a notice of data breach with the Attorney General of Montana. They discovered portions of the company’s network were accessible to an unauthorized party between May 10th, 2023, and May 13th, 2023.
Advanced Medical Management’s investigation concluded on June 22nd. Ultimately, the organization discovered that the unauthorized party had access to sensitive information, including Social Security numbers, names, addresses, phone numbers, driver’s license numbers, protected health information, and more.
Following the discovery, Advanced Medical Management sent a breach notification to all potentially impacted individuals. They believe approximately 319,485 individuals were affected in multiple states, including California, DC, Iowa, Kentucky, Maryland, Massachusetts, and others.
Why it matters
Unique to Advanced Medical Management’s case is that they noted their IT systems were developed and maintained by a third-party vendor. While Advanced Medical Management had never had any prior problems with the third-party vendor, the data breach may be connected to security issues with the vendor.
In recent months, third-party vendors have come under fire for unauthorized tracking, which created privacy concerns for the Office for Civil Rights (OCR). In response, the OCR released a guidance on the potential risks.
Yet many organizations in the health sector are reliant on third parties to make their systems run smoothly and effectively. It’s not all bad; in fact, many organizations and patients benefit from using third parties, but when they are introduced, it’s especially important to ensure their security measures are up to a high standard.
Related: 98.6% of hospitals use tracking that puts patient privacy at risk
What’s next
Advanced Medical Management provides support to healthcare providers, meaning that it stores a large amount of data per user, which increases the risks of identity theft and other fraud. Users who received a letter are offered complimentary credit monitoring and are advised to be extra diligent when monitoring financial statements and any suspicious emails or other communications.
For Advanced Medical Management, the work is far from over as they work to ensure their system is protected again.
The Federal Trade Commission offers an in-depth breach response guide outlining the process for resolving vulnerabilities. While Advanced Medical Management’s systems are likely significantly more secure than they were at the time of the breach, preventing data breaches is becoming increasingly challenging and can require in-depth investigations, a dedicated team, legal counsel, and more.
The big picture
According to an analysis completed in February, the number of data breaches has continued to climb over the last few years. In 2022, it’s estimated that data breaches affected approximately 49.6 million Americans.
According to John Delano, Healthcare Cybersecurity Strategist at Critical Insight, “It’s hard for organizations because we deal with a lot of third parties, we deal with a lot of business associates, and having the bandwidth to be able to periodically check in on them and make sure that they’re treating your data the way you would treat it, becomes very difficult. And that’s hard to maintain.”
Delano also said that breaches are evolving, “They’re more sophisticated. And so, that is becoming a challenge, because it used to just be that you had to protect from some common known stuff, and now people are actually doing real hacking.”
Related: HIPAA Compliant Email: The Definitive Guide.
Abby Grifno
