A healthcare revenue cycle management firm based in Texas is informing around 400,000 individuals about a hacking incident as a result of unauthorized access to personal and protected health information, which originated from an external third party. The breach, discovered on August 13, led to unauthorized access to patient data such as Social Security numbers, medical treatment details, and more. Gryphon Healthcare, the firm involved, conducted a thorough review of affected files by September 3 and began the notification process
Measures have been taken to enhance security and prevent similar incidents, but there is no evidence of data misuse. With one-third of 534 major health data breaches in 2024 involving business associates, the incident raises concerns about vendor risks and underscores the need for HIPAA-regulated organizations to bolster privacy and security measures. https://www.bankinfosecurity.com/revenue-cycle-vendor-notifying-400000-patients-hack-a-26523