Forefront Dermatology has admitted a breach of its network may have exposed the personal data and medical records of up to 2.4 million patients.
The records of staff at the Wisconsin-based organization have also been placed at risk from the compromise, which dates back to early June.
The situation could have been even worse had the company not taken its network offline after detecting an intrusion on June 4, 2021.
In a statement, Forefront Dermatology said that a subsequent investigation found that “the incident resulted in unauthorized access to certain files on its IT systems that contain patient and employee information”.
This information may have included patient names, addresses, dates of birth, patient account numbers, health insurance plan member ID numbers, healthcare provider names, and/or medical and clinical treatment information among other sensitive data.
“There is no evidence that patient Social Security numbers, driver’s license numbers, or financial account/payment card information were involved in this incident,” according to Forefront Dermatology.
Forefront Dermatology is in the process of notifying patients, who are being advised to check their healthcare statements. The healthcare provider promised to enhance its security controls in an effort to prevent any repetition of the damaging incident.
The incident is under investigation by regulators at the US Department of Health and Human Services, which reports that an eye-watering 2,413,553 individuals were affected by the incident.